Any Indian DigiLocker Account Could've Been Accessed Without Password
- С сайта: TheHackersNews
- Вернуться к списку новостей
Any Indian DigiLocker Account Could've Been Accessed Without Password
Author: noreply@blogger.com (Ravie Lakshmanan)The Indian Government said it has addressed a critical vulnerability in its secure document wallet service Digilocker that could have potentially allowed a remote attacker to bypass mobile one-time passwords (OTP) and sign in as other users to access their sensitive documents stored on the platform. "The OTP function lacks authorization which makes it possible to perform OTP validation with
#csn #cyber_news
Оригинальная версия на сайте: