MidnightBSD

Advisories for npci

CVE-2017-9818 MEDIUM

The National Payments Corporation of India BHIM application 1.3 for Android relies on a four-digit passcode, which makes it easier for attackers to obtain access.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-521,

Products Affected

Vendor Product Version
npci bharat_interface_for_money_(bhim) 1.3
CVE-2017-9819 HIGH

The National Payments Corporation of India BHIM application 1.3 for Android does not properly restrict use of the OTP feature, which makes it easier for attackers to bypass authentication.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
npci bharat_interface_for_money_(bhim) 1.3
CVE-2017-9820 HIGH

The National Payments Corporation of India BHIM application 1.3 for Android uses a custom keypad for which the input element is available to the Accessibility service, which makes it easier for attackers to bypass authentication.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
npci bharat_interface_for_money_(bhim) 1.3
CVE-2017-9821 HIGH

The National Payments Corporation of India BHIM application 1.3 for Android relies on three hardcoded strings (AK-NPCIMB, IM-NPCIBM, and VK-NPCIBM) for SMS validation, which makes it easier for attackers to bypass authentication.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
npci bharat_interface_for_money_(bhim) 1.3