Loading...

XML

Word

Printable

Type: Task
Resolution: Done
Priority: Low
Fix Version/s: 3.2.0
Affects Version/s: None
Labels:
None

Epic Link:
WASA Changes for Mobile & Web App
Sprint:
AMRIT Sprint 39, AMRIT Sprint 38, AMRIT Sprint 40
Service line:
HWC Web App
Environment:
All

The OTP verification process is vulnerable, as the server accepts manipulated responses without proper validation of the OTP, allowing bypass of security controls.

An attacker can access user accounts or perform privileged actions without proper OTP verification, leading to unauthorized access, data theft, or further attacks.

Refer to details in Excel sheet attached in original epic.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

Otpbypass error.png
23/Jun/25 2:54 PM
74 kB
Vishwanath Balkur
OTP bypass sucess.png
23/Jun/25 2:53 PM
78 kB
Vishwanath Balkur
screenshot-1.png
25/Jun/25 1:33 PM
149 kB
Thumu Gayathri
screenshot-2.png
25/Jun/25 1:33 PM
147 kB
Thumu Gayathri
screenshot-3.png
25/Jun/25 1:34 PM
147 kB
Thumu Gayathri
screenshot-4.png
25/Jun/25 1:34 PM
155 kB
Thumu Gayathri

Assignee:: Thumu Gayathri
Reporter:: Dr Mithun James
Votes:: 0 Vote for this issue
Watchers:: 3 Start watching this issue

Created:: 26/May/25 2:56 PM
Updated:: 30/Jun/25 10:58 AM
Resolved:: 30/Jun/25 10:58 AM

Estimated:

Remaining:

Logged:

Not Specified

Details

Description

Attachments

Attachments

Activity

People

Dates

Time Tracking