Disclosure of Merchant_id in the source code without an entered OTP code leads to victim's MID takeover.
Critical
Kartpay
Team Summary
Official summary from Kartpay
The system encryption for merchant registration was revealing details which could be further exploited for the registration of the merchant. After the details were shared by @bugera, it was fixed by the team.
Reported by: basant0x01
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Submitted
Weakness: Information Disclosure