CVE-2017-9820

The National Payments Corporation of India BHIM application 1.3 for Android uses a custom keypad for which the input element is available to the Accessibility service, which makes it easier for attackers to bypass authentication.
Configurations

Configuration 1 (hide)

cpe:2.3:a:npci:bharat_interface_for_money_\(bhim\):1.3:*:*:*:*:android:*:*

History

21 Nov 2024, 03:36

Type Values Removed Values Added
References () https://github.com/magicj3lly/appexploits/blob/master/BHIM-App-PreliminaryReport.pdf - Broken Link () https://github.com/magicj3lly/appexploits/blob/master/BHIM-App-PreliminaryReport.pdf - Broken Link

Information

Published : 2018-08-24 21:29

Updated : 2024-11-21 03:36


NVD link : CVE-2017-9820

Mitre link : CVE-2017-9820

CVE.ORG link : CVE-2017-9820


JSON object : View

Products Affected

npci

  • bharat_interface_for_money_\(bhim\)
CWE
CWE-287

Improper Authentication