1.42

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

sbi

NVD

Published: 2018-09-16

Updated: 2024-11-21

Summary

The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android might allow attackers to perform Account Takeover attacks by intercepting a security-question response during the initial configuration of the application.

Vulnerable Configurations

Part	Description	Count
Application	Sbi SBI SBI Buddy 1.42 SBI SBI Buddy 1.41	2

References

https://github.com/magicj3lly/appexploits/blob/master/SBI_Buddy_AuthenticationBypass.pdf
https://github.com/magicj3lly/appexploits/blob/master/SBI_Buddy_AuthenticationBypass.pdf