The National Payments Corporation of India BHIM application 1.3 for Android relies on three hardcoded strings (AK-NPCIMB, IM-NPCIBM, and VK-NPCIBM) for SMS validation, which makes it easier for attackers to bypass authentication.
References
Link | Resource |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/148923 | Third Party Advisory |
https://github.com/magicj3lly/appexploits/blob/master/BHIM-App-PreliminaryReport.pdf | Broken Link |
Configurations
History
No history.
Information
Published : 2018-08-24 21:29
Updated : 2024-02-28 16:48
NVD link : CVE-2017-9821
Mitre link : CVE-2017-9821
CVE.ORG link : CVE-2017-9821
JSON object : View
Products Affected
npci
- bharat_interface_for_money_\(bhim\)
CWE
CWE-798
Use of Hard-coded Credentials