CVE-2018-15661

HIGH

Ola Money 1.9.0 - Authentication Bypass via Forgot Password Screen

Title source: llm
STIX 2.1

Description

An issue was discovered in the Ola Money (aka com.olacabs.olamoney) application 1.9.0 for Android. If an attacker controls an application with accessibility permissions and the ability to read SMS messages, then the Forgot Password screen can be used to bypass authentication. NOTE: the vendor does not agree that this is a security issue requiring a fix

References (1)

Core 1

Scores

CVSS v3 7.5
EPSS 0.0123
EPSS Percentile 65.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-200
Status published
Products (1)
olacabs/ola_money 1.9.0
Published Aug 21, 2018
Tracked Since Feb 18, 2026