CVE-2017-9821

2018-08-2421:00:00

mitre

www.cve.org

AI Score

9.3

Confidence

High

EPSS

0.002

Percentile

59.9%

JSON

The National Payments Corporation of India BHIM application 1.3 for Android relies on three hardcoded strings (AK-NPCIMB, IM-NPCIBM, and VK-NPCIBM) for SMS validation, which makes it easier for attackers to bypass authentication.

References

github.com/magicj3lly/appexploits/blob/master/BHIM-App-PreliminaryReport.pdf