Home / exploits eBankIT 6 Arbitrary OTP Generation
Posted on 22 May 2023
In eBankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any email address or phone number without validation.