The National Payments Corporation of India BHIM application 1.3 for Android does not properly restrict use of the OTP feature, which makes it easier for attackers to bypass authentication.
References
Link | Resource |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/148926 | Third Party Advisory |
https://github.com/magicj3lly/appexploits/blob/master/BHIM-App-PreliminaryReport.pdf | Broken Link |
Configurations
History
No history.
Information
Published : 2018-08-24 21:29
Updated : 2024-02-28 16:48
NVD link : CVE-2017-9819
Mitre link : CVE-2017-9819
CVE.ORG link : CVE-2017-9819
JSON object : View
Products Affected
npci
- bharat_interface_for_money_\(bhim\)
CWE
CWE-287
Improper Authentication