Wednesday 10 June 2020

Any Indian DigiLocker Account Could've Been Accessed Without Password

The Indian Government said it has addressed a critical vulnerability in its secure document wallet service Digilocker that could have potentially allowed a remote attacker to bypass mobile one-time passwords (OTP) and sign in as other users to access their sensitive documents stored on the platform. "The OTP function lacks authorization which makes it possible to perform OTP validation with

via The Hacker News
This article is the property of Tenochtitlan Offensive Security. Verlo Completo --> https://tenochtitlan-sec.blogspot.com

Related posts


  1. Pentest Practice Sites
  2. Hacking Online Games
  3. Pentestmonkey
  4. Pentest Vs Red Team
  5. How To Pentest A Network
  6. Hacking Wifi
  7. Hackintosh
  8. Hacker On Computer
  9. Pentest Wiki
  10. Pentest Checklist
  11. Pentest With Metasploit

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)