Everus.org 1.0.9 Second Factor Redirection

Discussion in 'News Aggregator' started by Packet Storm, 17 Nov 2018.

  1. Packet Storm

    Packet Storm Guest

    The Everus.org Android application version 1.0.9 has a fundamental design flaw where the client can send a random phone number during the second factor flow with an arbitrary existing user id and the server sends the attacker the one-time password for the other user.

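The design flaw summarised in the post above, shown next to a corrected server-side pattern. This is an added example, not part of the original post and not Everus code: the handler names, user ids, phone numbers and the in-memory `OUTBOX` standing in for an SMS gateway are all constructed for illustration.

```python
import secrets

# Constructed sample data: user ids and enrolled phone numbers are placeholders.
ENROLLED_PHONE = {"user-1001": "+15550100", "user-1002": "+15550111"}
PENDING_OTP = {}   # user_id -> code awaiting verification
OUTBOX = []        # (destination, code) pairs standing in for an SMS gateway


def _issue_code(user_id):
    """Generate a 6-digit code from a CSPRNG and record it for the user."""
    code = f"{secrets.randbelow(10**6):06d}"
    PENDING_OTP[user_id] = code
    return code


def send_otp_flawed(user_id, client_phone):
    """Flawed pattern: the delivery address is taken from the request."""
    if user_id not in ENROLLED_PHONE:
        return False
    OUTBOX.append((client_phone, _issue_code(user_id)))
    return True


def send_otp_bound(user_id, client_phone=None):
    """Corrected pattern: deliver only to the number enrolled for user_id.

    A client-supplied number is never used as a destination. If one is
    present and differs from the enrolled number, refuse and issue nothing.
    """
    enrolled = ENROLLED_PHONE.get(user_id)
    if enrolled is None:
        return False
    if client_phone is not None and client_phone != enrolled:
        return False
    OUTBOX.append((enrolled, _issue_code(user_id)))
    return True


def demo():
    """Run the same mismatched request through both handlers."""
    OUTBOX.clear()
    PENDING_OTP.clear()
    send_otp_flawed("user-1001", "+15550199")
    flawed_dest = [dest for dest, _ in OUTBOX]
    OUTBOX.clear()
    PENDING_OTP.clear()
    accepted = send_otp_bound("user-1001", "+15550199")
    return flawed_dest, accepted, [dest for dest, _ in OUTBOX]
```

A rejected mismatch in `send_otp_bound` is also a useful detection signal: logging the user id and the supplied number lets repeated attempts against many user ids be alerted on.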
     
