CVE-2017-9820

2018-08-2421:00:00

mitre

www.cve.org

9.3 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.8%

JSON

The National Payments Corporation of India BHIM application 1.3 for Android uses a custom keypad for which the input element is available to the Accessibility service, which makes it easier for attackers to bypass authentication.

References

github.com/magicj3lly/appexploits/blob/master/BHIM-App-PreliminaryReport.pdf