Bug #22306

[External Audit Findings][MLEB] Bypass OTP in Biometric Activation

Added by yap chekying about 13 hours ago.

Status: New
Start date: 29 July 2025
Priority: Immediate
Due date:
Assignee: Tan Hi Ann
% Done: 0%
Category: -
Spent time: -
Target version: -

Description

Issue:
Modification of response parameters in the API allows an attacker to alter values such as item prices, item quantities, and other sensitive data commonly used in business transactions, potentially leading to unauthorized changes being accepted by the server.

Recommendation from pentester:
It is recommended to re-verify whether the modified data is valid or not.

Please refer to the attached Excel file for details.

Copy of Audit Findings - Silver lake - ver2.xlsx (5.15 MB) yap chekying, 29 July 2025 10:12 AM
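One way to apply the pentester's recommendation to the flow named in the title, as an added example that is not code from MLEB or from the audit report. It assumes the bypass works by tampering with the OTP verification result on the client side, so the activation decision here reads only state the server recorded itself; the class, method and field names (including `otpVerified`) are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 120   # assumed validity window
MAX_ATTEMPTS = 3        # assumed attempt limit


def _t(now):
    return time.time() if now is None else now


class BiometricActivationService:
    """Hypothetical server-side flow; every name here is an assumption."""

    def __init__(self):
        self._pending = {}      # session_id -> OTP state, held server-side only
        self._enrolled = set()  # sessions with biometric login enabled

    def issue_otp(self, session_id, now=None):
        otp = f"{secrets.randbelow(10**6):06d}"
        self._pending[session_id] = {
            "digest": hashlib.sha256(otp.encode()).digest(),
            "expires": _t(now) + OTP_TTL_SECONDS,
            "attempts": 0,
            "verified": False,
        }
        return otp  # delivered out of band, never echoed in an API response

    def verify_otp(self, session_id, submitted, now=None):
        state = self._pending.get(session_id)
        if state is None or _t(now) > state["expires"]:
            return False
        state["attempts"] += 1
        if state["attempts"] > MAX_ATTEMPTS:
            del self._pending[session_id]  # force a fresh OTP
            return False
        digest = hashlib.sha256(submitted.encode()).digest()
        state["verified"] = hmac.compare_digest(digest, state["digest"])
        return state["verified"]

    def activate_biometric(self, session_id, client_claims, now=None):
        # client_claims (e.g. {"otpVerified": True}) is attacker-controlled and
        # deliberately ignored: only the server's own record is consulted.
        state = self._pending.pop(session_id, None)  # single use
        if not state or not state["verified"] or _t(now) > state["expires"]:
            return False
        self._enrolled.add(session_id)
        return True
```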
