CVE-2020-27416 Mahavitaran Android Application: Account takeover via OTP bypass

Vulnerable Software: Maharashtra State Electricity Board Android Application

Vulnerability: Account takeover via OTP bypass (client-side OTP validation; password-reset request not bound to a server-verified OTP)

Affected Version: 7.50 and prior

Patched: Yes

Vendor Homepage: https://www.mahadiscom.in/en/home/

App store link: https://play.google.com/store/apps/details?id=com.msedcl.app&hl=en_IN&gl=US

CVE: CVE-2020-27416

CVE Author: Tejas Nitin Pingulkar

Exploit Available: Yes (PoC below)

About Affected Software

The official consumer app by Mahavitaran (M.S.E.D.C.L.). The Mahavitaran Consumer App lets consumers use Mahavitaran services at their fingertips. The app is simple and easy to use, and it provides transparency in delivering services to consumers.

►Features:

* View and pay bill
* Register and track complaints
* View bill and payment history
* Manage multiple electricity connections
* Contact 24x7 MSEDCL Call Center
* Apply for new connection
* Know the status of new connection application and pay estimate charges
* Submit meter reading to avoid average billing
* Provide feedback about Mahavitaran services
* Update contact details (mobile number and e-mail ID) of consumer
* Find MSEDCL offices and collection centers near you
* Estimate your monthly electricity consumption and bill amount
* Get information about the feeder from which the power supply is provided to your connection
* Apply for change of name
* Submit an application for addition/reduction in load

Exploit:

1. Set up a proxy tool (e.g., Burp Suite)
Route the application's network traffic through Burp Suite or a similar intercepting proxy so that both requests and responses can be edited before they reach the app.

2. Initiate the password reset process
Open the Mahavitaran (MSEDCL) Android application.
Navigate to the Forgot Password screen.
Enter a valid user ID (e.g., a registered consumer number). The OTP is sent to the registered mobile number of that consumer; the attacker never needs to see it.

3. Bypass OTP validation
Enter any random OTP value (e.g., 000000 or 123456).
Intercept the OTP verification response in the proxy.
Modify the JSON response by changing the "valid" parameter from false to true, then forward the edited response to the app.

4. Reset the password
The app accepts the tampered response and moves on to the new-password screen.
Enter a new password of your choice and submit.
Log in with the new password; the account is now under the attacker's control.

Root cause: the decision that the OTP was correct is made on the client from a server-supplied flag, and the password-reset request itself carries no server-verified proof (such as a short-lived reset token issued only after a correct OTP). The server therefore accepts a reset that was never authorized by the OTP. When testing a fix, the check that matters is on the server: replay the reset request without a correct OTP (or without the token the server issues after one) and confirm it is rejected; editing the client's view of the response must no longer be enough.
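The following Python model of the flow is an added example, not code from the advisory or from the Mahavitaran app, whose real endpoints and field names beyond the "valid" flag are not shown on this page. It replays steps 2 to 4 against two versions of the server: one that behaves as the advisory describes (the reset endpoint trusts the client), and a hardened one that issues a single-use, short-lived reset token only after a correct OTP and refuses any reset without it. User IDs, passwords and the pinned OTP are constructed for the demo.

```python
import hmac
import json
import secrets
import time

# User IDs, passwords, OTPs and field names other than "valid" are constructed
# for this demo and are not taken from the real application.


class VulnerableResetService:
    """Server side as described in the advisory: the OTP check result goes
    back to the client as {"valid": true/false}, and the password-reset
    endpoint trusts that the client only calls it after a successful check."""

    def __init__(self):
        self.otps = {}       # user_id -> pending OTP
        self.passwords = {}  # user_id -> current password

    def request_otp(self, user_id):
        otp = f"{secrets.randbelow(10**6):06d}"
        self.otps[user_id] = otp
        return otp  # in reality delivered by SMS to the registered number

    def verify_otp(self, user_id, otp):
        ok = hmac.compare_digest(self.otps.get(user_id, ""), otp)
        return json.dumps({"valid": ok})  # the response the proxy edits

    def reset_password(self, user_id, new_password, reset_token=None):
        # No server-side proof that the OTP was ever verified; token ignored.
        self.passwords[user_id] = new_password
        return json.dumps({"status": "ok"})

    def login(self, user_id, password):
        return hmac.compare_digest(self.passwords.get(user_id, ""), password)


class HardenedResetService(VulnerableResetService):
    """Same API, but a correct OTP yields a single-use, short-lived reset
    token and the reset endpoint refuses anything else."""

    MAX_ATTEMPTS = 5
    TOKEN_TTL = 300  # seconds

    def __init__(self):
        super().__init__()
        self.reset_tokens = {}  # user_id -> (token, expiry)
        self.attempts = {}      # user_id -> failed OTP attempts

    def verify_otp(self, user_id, otp):
        if self.attempts.get(user_id, 0) >= self.MAX_ATTEMPTS:
            return json.dumps({"valid": False})  # lock out OTP brute force
        if not hmac.compare_digest(self.otps.get(user_id, ""), otp):
            self.attempts[user_id] = self.attempts.get(user_id, 0) + 1
            return json.dumps({"valid": False})
        self.otps.pop(user_id, None)  # OTP is single use
        token = secrets.token_urlsafe(32)
        self.reset_tokens[user_id] = (token, time.time() + self.TOKEN_TTL)
        return json.dumps({"valid": True, "reset_token": token})

    def reset_password(self, user_id, new_password, reset_token=None):
        entry = self.reset_tokens.get(user_id)
        if entry is None or reset_token is None:
            return json.dumps({"status": "denied"})
        token, expiry = entry
        if time.time() > expiry or not hmac.compare_digest(token, reset_token):
            return json.dumps({"status": "denied"})
        del self.reset_tokens[user_id]  # token is single use
        self.passwords[user_id] = new_password
        return json.dumps({"status": "ok"})


def flip_valid(response_body):
    """The Burp edit from step 3: rewrite "valid" to true on the way to the app."""
    body = json.loads(response_body)
    body["valid"] = True
    return json.dumps(body)


def client_reset_flow(service, user_id, otp_entered, new_password, tamper=None):
    """The app's forgot-password flow: it proceeds only when the response says
    "valid", which is exactly the check the proxy defeats. Returns True when
    the reset endpoint reports success."""
    response = service.verify_otp(user_id, otp_entered)
    if tamper is not None:
        response = tamper(response)
    body = json.loads(response)
    if not body.get("valid"):
        return False  # app shows "invalid OTP"
    reset = service.reset_password(user_id, new_password, body.get("reset_token"))
    return json.loads(reset).get("status") == "ok"


def run_takeover(service_cls, user_id="210012345678", new_password="attacker-pw"):
    """Attacker knows only the user ID, guesses 000000 and flips the response.
    Returns True if the attacker can then log in as the victim."""
    svc = service_cls()
    svc.passwords[user_id] = "victim-secret"
    svc.request_otp(user_id)
    svc.otps[user_id] = "482913"  # pin the OTP so the demo is deterministic
    client_reset_flow(svc, user_id, "000000", new_password, tamper=flip_valid)
    return svc.login(user_id, new_password)


if __name__ == "__main__":
    print("vulnerable service taken over:", run_takeover(VulnerableResetService))
    print("hardened service taken over:", run_takeover(HardenedResetService))
```

Against the vulnerable service the flipped flag is enough and the attacker's password logs in; against the hardened service the same edit produces a response with no reset token, the reset is denied, and the legitimate flow still works because the token is tied to a correct OTP on the server rather than to anything the client claims.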

POC

(PoC: CVE-2020-27416 Mahavitaran Android Application: Account takeover via OTP bypass)
