
Disclosure of Merchant_id in the source code without entering the OTP code leads to Victim's MID takeover.

Critical
Kartpay

Team Summary

Official summary from Kartpay

The System Encryption for the merchant registration was revealing details which could be further exploited for the Registration of the merchant. After the details were shared by @bugera, it was fixed by the team.

Reported by basant0x01

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted

Weakness

Information Disclosure