Home / exploitsPDF  

eBankIT 6 Arbitrary OTP Generation

Posted on 22 May 2023

In eBankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any email address or phone number without validation.

 

TOP