The National Payments Corporation of India BHIM application 1.3 for Android relies on three hardcoded strings (AK-NPCIMB, IM-NPCIBM, and VK-NPCIBM) for SMS validation, which makes it easier for attackers to bypass authentication.
The product contains hard-coded credentials, such as a password or cryptographic key.
Link | Tags |
---|---|
https://github.com/magicj3lly/appexploits/blob/master/BHIM-App-PreliminaryReport.pdf | broken link |
https://exchange.xforce.ibmcloud.com/vulnerabilities/148923 | third party advisory |