DigiLocker fixes a vulnerability in its registry system
DigiLocker, the official platform of the Government of India for the issuance and verification of documents and certificates, has fixed a critical vulnerability that would have allowed a remote attacker to omit OTP (one-time passwords) from a device mobile and login as other users.
The vulnerability was discovered individually, but on the same dates, by two researchers, Mohesh Mohan and Ashish Gahlot, who reported it to CERT-In and DigiLocker, respectively.
In the official published statement, DigiLocker clarifies that all the information of its users remains safe and secure, and at no time has it been compromised.
References
-
03/06/2020yetanothersec.com
Etiquetas
