OTP bypass - Unintended disclosure of OTP to client allows attacker to manage users' subscriptions
Medium
Vulnerability Details
## Summary:
https://play.mtn.co.za/ authenticates subscribers via OTP before their subscriptions can be changed. However, the request that sends the OTP also returns the OTP itself in the network response, so anyone who submits a victim's number can read the code and manage that user's subscriptions without access to the victim's phone.
## Steps To Reproduce:
1. Visit https://play.mtn.co.za/ and open network inspector (e.g., in Chrome)
2. Type in a subscriber's number (here, I used a random number, 0787765562)
3. Copy the `otpKey` value from the network response and type it into the OTP prompt field on the website
4. The OTP prompt is bypassed: the site accepts the code without the subscriber ever receiving it
## Supporting Material/References:
* F689609 - Example of a network response
## Impact
An attacker who knows only a subscriber's phone number can change that user's subscriptions. This may also be part of a larger issue if the same send-otp/ endpoint is used for other flows on the site.
Report Stats
- Report ID: 777957
- State: Closed
- Substate: resolved
- Upvotes: 16