The National Payments Corporation of India BHIM application 1.3 for Android relies on a four-digit passcode, which makes it easier for attackers to obtain access.
The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.
Link | Tags |
---|---|
https://github.com/magicj3lly/appexploits/blob/master/BHIM-App-PreliminaryReport.pdf | broken link |
https://exchange.xforce.ibmcloud.com/vulnerabilities/148927 | third party advisory |