ValueWalk has published an article about Vidyasagar Potdar, a Ph.D. in Information Security, who conducted a thorough analysis of cryptocurrency exchanges and assessed the level of their security. And guess what? He found out that virtually every crypto exchange has holes in their information security when it comes to HTTP security protocols and what’s even more surprising – password protocols.
The research carried out by Dr. Potdar, covered eleven popular cryptocurrency exchanges, from Coinbase GDAX to Binance. The study explores their password policies and issues with HTTP security.
The table is taken from the study published on ausfinex.foxtailmarketing.com
Vidyasagar Potdar detected problems in password policies of cryptocurrency exchanges. It turned out that common combinations like for example Password123, are permitted and considered as strong. Furthermore, some of the exchanges under consideration accepted passwords where numbers went in serial order – and that is why passwords could be guessed occasionally.
Dr. Potdar also analyzed if these eleven crypto exchanges applied HTTP security headers and figured out that their application was lacking (while they mitigate information security risks). None of them used an HTTP security header for prevention of XSS (cross-site scripting) attacks.
As follows from the study, cryptocurrency exchanges need to review their attitude to information security.