Chavara Family Welfare Centre Chavara Matrimony Site Authentication Bypass Vulnerability
Vulnerability
An authentication bypass vulnerability has been identified in Chavara Matrimony Site version 2.0. This issue arises in the OTP verification process, allowing attackers to manipulate server responses and bypass authentication. By intercepting the OTP verification request with a tool like Burp Suite, attackers can alter the response to falsely indicate a successful OTP match. As a result, unauthorized accounts can be created, facilitating impersonation and the registration of fake identities on the platform.
Impact
Exploiting this vulnerability allows for the creation of fraudulent accounts, which can be used for impersonation, spamming, or other deceptive activities. This undermines the platform's user verification process and can damage its reputation and user trust.
Reproduction
To reproduce this vulnerability, register an account on the Chavara Matrimony Site. After initiating the registration, use a proxy tool like Burp Suite to intercept the OTP verification request. Modify the response to simulate a successful OTP validation, then forward the altered response. The account will be created without a valid OTP, bypassing the verification process.
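The fix for this class of flaw is to keep the OTP result on the server and have account creation consult only that state. The following is an added example, not the site's code: it assumes the bypass works because the registration step relies on a verification result the client can see and alter, and the class, method names, TTL and attempt limit are all hypothetical.

```python
import hmac
import secrets
import time

OTP_TTL = 300        # seconds an OTP stays valid (assumed value)
MAX_ATTEMPTS = 5     # wrong guesses tolerated per OTP (assumed value)

class RegistrationServer:
    """Toy in-memory model of an OTP-gated sign-up backend (hypothetical)."""
    def __init__(self):
        self.pending = {}      # phone -> server-side OTP record
        self.accounts = set()

    def send_otp(self, phone, now=None):
        now = time.time() if now is None else now
        otp = f"{secrets.randbelow(10**6):06d}"
        self.pending[phone] = {"otp": otp, "expires": now + OTP_TTL,
                               "attempts": 0, "verified": False}
        return otp  # sent out of band in practice; returned only for the demo

    def verify_otp(self, phone, code, now=None):
        now = time.time() if now is None else now
        rec = self.pending.get(phone)
        if rec is None or now > rec["expires"] or rec["attempts"] >= MAX_ATTEMPTS:
            return False
        if not hmac.compare_digest(rec["otp"].encode(), str(code).encode()):
            rec["attempts"] += 1
            return False
        rec["verified"] = True  # authoritative result is stored server-side
        return True

    def create_account_vulnerable(self, phone, client_says_verified):
        # Flawed pattern: trusts a flag the client derived from a response
        # body, which a proxy can rewrite before the client reads it.
        if client_says_verified:
            self.accounts.add(phone)
        return bool(client_says_verified)

    def create_account(self, phone, now=None):
        # Hardened: ignores client claims, checks server-side state only,
        # and consumes the record so one verification creates one account.
        now = time.time() if now is None else now
        rec = self.pending.get(phone)
        if rec is None or not rec["verified"] or now > rec["expires"]:
            return False
        del self.pending[phone]
        self.accounts.add(phone)
        return True
```

With this design, altering the verification response changes only what the client displays; `create_account` still refuses because the server never recorded a successful match.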
