Feature #254

closed

Feature #235: [Security Audit Round 2 ]

[Security Audit Round 2 ] OTP Bypass (Repeated)

Added by Kalyan Battula 12 months ago. Updated 11 months ago.

Status: Closed
Priority: High
Category: -
Target version:
Start date: 01/05/2024
Due date:
% Done: 0%
Estimated time:
Deployed In:
Category:

Description

OTP Bypass (Repeated)
observation : Repeated
CWE : CWE-287
Description :
In this application OTP is disclosed in response.
Affected Path(s) :
https://earogya.satragroup.in/login *-Applicable to entire application
Impact :
Attacker can use the OTP value to bypass the login without the actual user intervention
Evidence/Proof Of Concept :
Step 1: Access the application and Go to forgot password page and enter random OTP as
shown in below screenshot.

Step 2: Successfully Navigate the password change page

Step 3: Capture the above request and observe the response. New password has been
changed successfully even after entering the invalid OTP as shown in below screenshot.

Step 4: Functionality issue

Recommendation :
It is recommended not to disclose the OTP in the response
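
A server-side sketch of the forgot-password flow that addresses both observations above (OTP returned in the response, password changed after an invalid OTP). This is an added example, not code from the affected application; `ResetService`, `send_otp`, `reset_ticket`, the 300-second lifetime and the five-attempt limit are all assumptions chosen for illustration.

```python
import hashlib, hmac, secrets, time

OTP_TTL = 300      # seconds an OTP stays valid (assumed value)
MAX_ATTEMPTS = 5   # wrong guesses before the OTP is discarded (assumed value)

class ResetService:
    """In-memory sketch of a forgot-password flow (hypothetical names throughout)."""

    def __init__(self, send_otp, clock=time.time):
        self._send = send_otp  # out-of-band delivery callback (SMS or e-mail)
        self._clock = clock
        self._pending = {}     # user -> [otp_hash, expires_at, attempts_left]
        self._tickets = {}     # reset ticket -> user, created only after a correct OTP
        self.passwords = {}    # user -> (salt, derived key)

    @staticmethod
    def _h(value):
        return hashlib.sha256(value.encode()).digest()

    def request_otp(self, user):
        otp = f"{secrets.randbelow(10**6):06d}"
        self._pending[user] = [self._h(otp), self._clock() + OTP_TTL, MAX_ATTEMPTS]
        self._send(user, otp)          # the OTP leaves only through this channel
        return {"status": "otp_sent"}  # the HTTP response body never carries the OTP

    def verify_otp(self, user, otp):
        entry = self._pending.get(user)
        if entry is None or self._clock() > entry[1]:
            self._pending.pop(user, None)  # unknown or expired
            return {"status": "invalid_otp"}
        if not hmac.compare_digest(entry[0], self._h(otp)):
            entry[2] -= 1
            if entry[2] <= 0:
                del self._pending[user]    # too many guesses: a new OTP is required
            return {"status": "invalid_otp"}
        del self._pending[user]            # single use
        ticket = secrets.token_urlsafe(32)
        self._tickets[ticket] = user
        return {"status": "verified", "reset_ticket": ticket}

    def change_password(self, ticket, new_password):
        user = self._tickets.pop(ticket, None)  # no valid ticket, no change
        if user is None:
            return {"status": "rejected"}
        salt = secrets.token_bytes(16)
        key = hashlib.pbkdf2_hmac("sha256", new_password.encode(), salt, 600_000)
        self.passwords[user] = (salt, key)
        return {"status": "password_changed"}
```

The password-change step accepts only a ticket minted by a successful `verify_otp`, so navigating straight to the change-password request with a random OTP is rejected on the server regardless of what the client shows.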


Files

clipboard-202405011248-oee8f.png (479 KB), Kalyan Battula, 01/05/2024 12:48 PM
clipboard-202405011249-cnlo2.png (465 KB), Kalyan Battula, 01/05/2024 12:49 PM
clipboard-202405011249-cqemn.png (48.7 KB), Kalyan Battula, 01/05/2024 12:49 PM
clipboard-202405011250-b1cy5.png (430 KB), Kalyan Battula, 01/05/2024 12:50 PM