Mytel Telecom Online Account System OTP Bypass Vulnerability Allowing Account Takeover
Vulnerability
A vulnerability exists in Mytel Telecom Online Account System version 1.0 that allows attackers to bypass the OTP (One-Time Password) verification step. The attacker intercepts the server's response to the OTP verification request and modifies it to indicate a successful verification; because the application trusts that response, access is granted to the account associated with any mobile number without the correct OTP ever being supplied.
Impact
Exploiting this vulnerability allows for unauthorized access to user accounts, bypassing OTP verification and potentially leading to identity theft.
Reproduction
To reproduce this vulnerability, log into the Mytel Telecom Online Account System and request an OTP by entering a valid mobile number. After receiving the OTP, enter a random six-digit code and attempt to verify it. Intercept the verification request using a tool like Burp Suite, and modify the response to indicate a successful verification. Forward the modified response, which will grant access to the account without a valid OTP.
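As an added illustration, not part of this advisory or of Mytel's code, the following Python models the two designs side by side: a flow in which the client acts on the verification response body (the pattern this report describes, where a rewritten "fail" to "success" is enough), and a hardened flow in which account access depends on an opaque session token the server issues only after it has checked the OTP itself, so no change to the response can grant access. The phone number, account data and function names are constructed for the example.

```python
import hmac, secrets, time

# Constructed in-memory state for this example; a real service would use a DB or cache.
PENDING = {}    # msisdn -> [otp, expiry_epoch, attempts]
SESSIONS = {}   # opaque session token -> msisdn
ACCOUNTS = {"+95900000001": {"balance": 12.5}}   # constructed sample account

def request_otp(msisdn):
    otp = f"{secrets.randbelow(10**6):06d}"
    PENDING[msisdn] = [otp, time.time() + 300, 0]   # 5-minute lifetime, attempt counter
    return otp   # returned only so the example can drive itself; production sends it by SMS

# Vulnerable pattern: the JSON body is the only thing the client checks.
def vulnerable_verify(msisdn, submitted):
    entry = PENDING.get(msisdn)
    ok = entry is not None and hmac.compare_digest(entry[0], submitted)
    return {"status": "success" if ok else "fail"}

def vulnerable_client_flow(msisdn, submitted, tamper=None):
    resp = vulnerable_verify(msisdn, submitted)
    if tamper:                        # an intercepting proxy rewrites the body in transit
        resp = tamper(resp)
    # The client trusts the body and loads the account by phone number alone.
    return ACCOUNTS.get(msisdn) if resp["status"] == "success" else None

# Hardened pattern: access is gated by server-side session state that no response body can create.
def verify_otp(msisdn, submitted):
    entry = PENDING.get(msisdn)
    if entry is None or time.time() > entry[1] or entry[2] >= 5:
        PENDING.pop(msisdn, None)     # expired or too many tries: a fresh OTP is required
        return None
    entry[2] += 1
    if not hmac.compare_digest(entry[0], submitted):
        return None
    PENDING.pop(msisdn)               # one-time: consumed on success
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = msisdn
    return token

def account_view(token):
    # Every protected request re-derives identity from the server-side session.
    msisdn = SESSIONS.get(token) if isinstance(token, str) else None
    return ACCOUNTS.get(msisdn) if msisdn else None

def hardened_client_flow(msisdn, submitted, tamper=None):
    token = verify_otp(msisdn, submitted)
    if tamper:                        # a rewritten body cannot mint a token the server never issued
        token = tamper(token)
    return account_view(token)
```

The hardened path also adds the controls the report's scenario implies are missing: the OTP is single-use, expires, and is locked after five wrong attempts, all enforced on the server.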