CVE-2017-9819
CRITICAL
BHIM 1.3 - Improper Authentication via OTP Feature
Title source: llm
Description
The National Payments Corporation of India BHIM application 1.3 for Android does not properly restrict use of the OTP feature, which makes it easier for attackers to bypass authentication.
References (2)
Core References
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/148926
Broken Link x_refsource_misc
https://github.com/magicj3lly/appexploits/blob/master/BHIM-App-PreliminaryReport.pdf
Scores
CVSS v3
9.8
EPSS
0.0213
EPSS Percentile
79.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (1)
npci/bharat_interface_for_money_\(bhim\)
1.3
Published
Aug 24, 2018
Tracked Since
Feb 18, 2026