Everus.org 1.0.9 Second Factor Redirection

The Everus.org Android application version 1.0.9 has a fundamental design flaw: during the second factor flow, the client can send a random phone number together with an arbitrary existing user id, and the server sends the attacker the one time password for the other user.

MD5 | 81b34424d2fb4ef2f76dd3982050a8b1
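
The flaw described above, shown next to a hardened form, as an added example that is not Everus.org code or part of the original advisory. The handler names, request fields, in-memory stores and sample numbers are hypothetical, and the hardened version assumes the first factor has already bound the session to a user id.

```python
import hmac
import secrets

# Constructed sample data: user id -> phone number verified at enrollment.
USERS = {"1001": "+15550100", "1002": "+15550199"}
OUTBOX = []    # (destination, code) pairs standing in for an SMS gateway
PENDING = {}   # user id -> one time password awaiting verification


def _issue(user_id, destination):
    """Generate a 6-digit code, remember it for the user, queue it for sending."""
    code = f"{secrets.randbelow(10**6):06d}"
    PENDING[user_id] = code
    OUTBOX.append((destination, code))
    return destination


def send_otp_flawed(request):
    """Pattern from the advisory: user id and phone both come from the client."""
    if request["user_id"] not in USERS:
        raise KeyError("unknown user")
    return _issue(request["user_id"], request["phone"])


def send_otp_hardened(session_user_id, request):
    """The user id comes from the server-side session (assumption: set after the
    first factor). The destination is always the enrolled number; a differing
    client-supplied phone is rejected so the attempt can be logged."""
    on_record = USERS[session_user_id]
    supplied = request.get("phone")
    if supplied is not None and supplied != on_record:
        raise PermissionError("phone does not match enrolled number")
    return _issue(session_user_id, on_record)


def verify_otp(user_id, code):
    """Single-use check with a constant-time comparison."""
    expected = PENDING.pop(user_id, None)
    return expected is not None and hmac.compare_digest(expected, code)
```
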
