Any Indian DigiLocker Account Could’ve Been Accessed Without Password

By GIXnews

The Indian Government said it has addressed a critical vulnerability in its secure document wallet service Digilocker that could have potentially let a remote attacker bypass mobile one-time passwords (OTP) and sign in as other users.

Discovered separately by two independent bug bounty researchers, Mohesh Mohan and Ashish Gahlot, the vulnerability could have been exploited easily to

Source:: The Hackers News