Submission #501868: Excitel Broadband Private Ltd. myExcitel Android app 3.13.0 Insecure OTP Verification (information)

Title: Excitel Broadband Private Ltd. myExcitel Android app 3.13.0 Insecure OTP Verification
Description: A critical vulnerability exists in the Android app of Excitel Broadband Private Ltd., which provides users with Wi-Fi connection services. The app allows users to log in using their phone number, with a 6-digit One-Time Password (OTP) sent to the registered number for verification. However, the OTP verification mechanism is vulnerable to brute-force attacks, as there is insufficient protection against multiple rapid attempts at guessing the OTP. An attacker can exploit this weakness by brute-forcing the 6-digit OTP and gaining unauthorized access to the user's account. Once logged in, the attacker can access sensitive user data, including Know Your Customer (KYC) documents, and can update the app's password or modify the associated Wi-Fi connection settings. This vulnerability poses a significant risk, as it allows unauthorized users to hijack accounts, compromise sensitive personal information, and disrupt Wi-Fi services. To perform this attack, an attacker must know the victim user's registered phone number. Link to the affected product: https://play.google.com/store/apps/details?id=com.scaleforce.mobile.myexcitel&hl=en
User: alokkumar0200 (UID 9619)
Submitted: 15/02/2025 20:04 (1 year ago)
Moderated: 23/02/2025 20:24 (8 days later)
Status: Accepted
VulDB entry: 296610 [Excitel Broadband Private my Excitel App 3.13.0 on Android One-Time Password information disclosure]
Points: 17
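The weakness described above is the absence of a server-side attempt budget on OTP verification, which turns a 6-digit code (one million possibilities) into something a scripted client can enumerate. The example below is added here as an illustration of the mitigation; it is not code from the myExcitel app or from Excitel, and it assumes hypothetical values for the OTP lifetime (five minutes) and the attempt budget (five wrong guesses). It stores only a keyed hash of the OTP, compares in constant time, expires the code, and invalidates it after the budget is exhausted, so the number of guesses the server actually evaluates stays bounded no matter how many are sent.

```python
from __future__ import annotations

import hmac
import secrets
import time
from dataclasses import dataclass

OTP_DIGITS = 6
OTP_TTL_SECONDS = 300   # assumption: an OTP is valid for five minutes
MAX_ATTEMPTS = 5        # assumption: five wrong guesses invalidate the OTP


@dataclass
class OtpChallenge:
    otp_hash: bytes      # keyed hash of the OTP; the plaintext is never stored
    issued_at: float
    attempts: int = 0
    locked: bool = False
    consumed: bool = False


class OtpService:
    """Issues and verifies SMS OTPs with expiry, an attempt budget and lockout.

    Hypothetical service written for this example; the clock is injectable so
    expiry can be exercised without sleeping.
    """

    def __init__(self, server_key: bytes, clock=time.time) -> None:
        self._key = server_key
        self._clock = clock
        self._challenges: dict[str, OtpChallenge] = {}

    def _digest(self, phone: str, otp: str) -> bytes:
        # HMAC keyed with a server secret, bound to the phone number so a hash
        # leaked from one challenge cannot be replayed against another.
        return hmac.new(self._key, f"{phone}:{otp}".encode(), "sha256").digest()

    def issue(self, phone: str) -> str:
        """Create a fresh OTP; the caller would hand the return value to the SMS gateway."""
        otp = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self._challenges[phone] = OtpChallenge(self._digest(phone, otp), self._clock())
        return otp

    def verify(self, phone: str, submitted: str) -> str:
        """Return one of: ok, wrong, locked, expired, no_challenge."""
        ch = self._challenges.get(phone)
        if ch is None or ch.consumed:
            return "no_challenge"
        if ch.locked:
            return "locked"           # budget exhausted: a new OTP must be issued
        if self._clock() - ch.issued_at > OTP_TTL_SECONDS:
            del self._challenges[phone]
            return "expired"
        ch.attempts += 1              # counted before comparing, so every guess costs budget
        if hmac.compare_digest(ch.otp_hash, self._digest(phone, submitted)):
            ch.consumed = True        # single use: the same code cannot log in twice
            return "ok"
        if ch.attempts >= MAX_ATTEMPTS:
            ch.locked = True
            return "locked"
        return "wrong"

    def attempts_used(self, phone: str) -> int:
        ch = self._challenges.get(phone)
        return ch.attempts if ch else 0


def guesses_evaluated(service: OtpService, phone: str, candidates) -> int:
    """Submit every candidate and report how many the server actually checked.

    Demonstrates from the defender's side that the exposure is capped at
    MAX_ATTEMPTS, however many submissions the client makes.
    """
    for guess in candidates:
        service.verify(phone, guess)
    return service.attempts_used(phone)


if __name__ == "__main__":
    svc = OtpService(b"constructed-demo-key")      # constructed key for the demo
    phone = "+910000000000"                         # constructed number
    otp = svc.issue(phone)
    wrong = [f"{i:06d}" for i in range(1000) if f"{i:06d}" != otp]  # constructed guesses
    print("guesses evaluated before lockout:", guesses_evaluated(svc, phone, wrong))
    print("correct code after lockout:", svc.verify(phone, otp))
```

The counter is incremented before the comparison and the lock check runs before the expiry check, so a client cannot reset its budget by waiting for expiry or by racing a fresh request; a production deployment would keep the challenge state in shared storage (not a per-process dict) and add a per-number cap on how often a new OTP can be issued, since otherwise "request a new code and try five more" becomes the loop.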