Tranax ATM master passwords found on the Internet

A security researcher has managed to find the master passwords for the Tranax Mini-Bank ATM unit on the Internet after doing a search on Google.

Be the first to comment

Tranax ATM master passwords found on the Internet

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

Last week CNN screened a surveillance video of a man suspected of reprogramming the Tranax ATM to dispense $20 notes when he requested a $5 note using a pre-paid card. But the suspect didn't re-program the unit so it continued to dispense more money than it should have for nine days until the problem was reported by a customer.

Following the report, Dave Goldsmith, founder of Matasano Security, found master passwords to the Tranax Mini-Bank ATM along with other sensitive information in a PDF of the 102-page manual on a reseller Web site.

In his blog, Goldsmith says he first looked on Tranax's Web site and found a knowledge base article that stated that the ATM is programmed with passwords that can be found in the operator's manual.

Goldsmith managed to find a copy of the manual withing 15 minutes. The document includes instructions on how to enter the diagnostic mode, default passwords and default combinations for the safe.

According to press reports Tranax is planning a software upgrade that forces operators to change a default administrative passcode following the scam.

Sponsored [Webinar] Payment Orchestration: Remaining Relevant in Today’s Market

Comments: (0)

[On-Demand Webinar] Ensuring Interoperability in the Age of Global, Cross-Border e-InvoicingFinextra Promoted[On-Demand Webinar] Ensuring Interoperability in the Age of Global, Cross-Border e-Invoicing