Activity

From 17 July 2025 to 15 August 2025

Today

09:58 AM VELO Production Issue Bug #22304 (Resolved): [External Audit Findings][MLEB] User Enumeration through Error Messages
RC: Error messages provides valid and invalid username information.
Solution: Modify error message to generic mess...
Tan Hi Ann

30 July 2025

04:43 PM VELO Production Issue Bug #22300: [External Audit Findings][Android] Certificate files hardcoded inside the app
238,044
30/7/2025 Bug #22300 [External Audit Findings][Android] Certificate files hardcoded inside the app
Issue:...
Hao Ter Tai
10:35 AM VELO Production Issue Bug #22165 (Closed): [PROD][Android] Added "uat" Word in Android Name and Causing Crash When App ...
released to production on 3rd July 2025 yap chekying
10:30 AM VELO Production Issue Bug #22165 (Resolved): [PROD][Android] Added "uat" Word in Android Name and Causing Crash When Ap...
Verified tanchen yee

29 July 2025

10:24 AM VELO Production Issue Bug #22301 (Assigned): [External Audit Findings][iOS] No Jailbreak Detection
Added more rigid jailbreak detection. He Xi Yeo
10:05 AM VELO Production Issue Bug #22301 (Assigned): [External Audit Findings][iOS] No Jailbreak Detection
Issue:
Jailbreaking is the process of gaining administrative or privileged access to the iOS OS. Without jailbreak d...
yap chekying
10:22 AM VELO Production Issue Bug #22302 (Assigned): [External Audit Findings][iOS] Certificate files hardcoded inside the app
The certificate is now encrypted and obfuscated before being included in app. He Xi Yeo
10:07 AM VELO Production Issue Bug #22302 (Assigned): [External Audit Findings][iOS] Certificate files hardcoded inside the app
Issue:
Same as Android – developers embed a list of trusted certificates inside the app and use it to validate serve...
yap chekying
10:20 AM VELO Production Issue Bug #22303 (Assigned): [External Audit Findings][iOS] Weak SSL Pinning
Added SSL Pinning, which compare server hashed public key compared to app's hashed public key. He Xi Yeo
10:09 AM VELO Production Issue Bug #22303 (Assigned): [External Audit Findings][iOS] Weak SSL Pinning
Issue:
During testing on iOS apps, the tester found that the app does not implement SSL Pinning. Without SSL Pinning...
yap chekying
10:12 AM VELO Production Issue Bug #22306 (New): [External Audit Findings][MLEB] Bypass OTP in Biometric Activation
Issue:
Modification of response parameters in the API allows an attacker to alter values such as item prices, item q...
yap chekying
10:11 AM VELO Production Issue Bug #22305 (New): [External Audit Findings][MLEB] Insecure Direct Object Reference Vulnerability ...
Issue:
The IDOR vulnerability occurs when an app exposes internal object references without access control. This all...
yap chekying
10:10 AM VELO Production Issue Bug #22304 (Resolved): [External Audit Findings][MLEB] User Enumeration through Error Messages
Issue:
Error messages in an application can provide valid and invalid username information.
This information can po...
yap chekying
10:04 AM VELO Production Issue Bug #22300 (New): [External Audit Findings][Android] Certificate files hardcoded inside the app
Issue:
SSL Pinning is a security mechanism used to prevent man-in-the-middle attacks by validating the certificate ...
yap chekying
10:02 AM VELO Production Issue Bug #22299 (New): [External Audit Findings][Android] Weak Root Detection
Issue:
Rooting is the process of gaining administrative or privileged access to the Android OS. Without root detecti...
yap chekying
09:55 AM VELO Production Issue Bug #22286 (Pending UAT ): [UAT][Android][ATM & Branch]Hit Error When Tap on ATM & Branch
Tested OK in SIT yap chekying
09:54 AM VELO Production Issue Bug #22275 (Pending UAT ): [PROD][Android][Fund Transfer][Manage Saved Beneficiary][Domestic Tran...
yap chekying
09:53 AM VELO Production Issue Bug #22275: [PROD][Android][Fund Transfer][Manage Saved Beneficiary][Domestic Transfer][Online Tr...
Tested ok in SIT yap chekying
09:52 AM VELO Production Issue Bug #22274 (Pending UAT ): [PROD][Android][Fund Transfer][Manage Saved Beneficiary][Domestic Tran...
Show "Online Transfer" yap chekying

28 July 2025

04:31 PM VELO Production Issue Bug #22282 (Monitoring): [PROD][BE][Fund Transfer][Transaction Summary] Duplicate Records Show on...
Unable to reproduce it in UAT. Based on log review, only one record was passed from MLEB to BE. yap chekying
04:28 PM VELO Production Issue Change Request #22160 (Closed): [CR][Android] Chinese Translation
Released to production on 3rd July 2025 yap chekying
04:28 PM VELO Production Issue Change Request #22161 (Closed): [CR][iOS] Chinese Translation
Released to production on 3rd July 2025 yap chekying
04:27 PM VELO Production Issue Bug #22280 (Closed): [PROD][BE] Hit MCB999 Error and Required Reactivate Biometric & SW Token
Released to production on 14th July 2025 yap chekying
04:26 PM VELO Production Issue Bug #22241 (Closed): [UAT][BE][Unbind Device] Hit Error When Unbind Device
Released to production on 14th July 2025 yap chekying
04:25 PM VELO Production Issue Bug #22240 (Closed): [UAT][Android][ATM & Branch] Show Error When Tap on ATM & Branch Menu
same as redmine #22286 yap chekying

25 July 2025

03:31 PM VELO Production Issue Bug #22101 (Closed): [PROD][Android][Telegraphic Transfer] Transfer Frequency Dropdown Fields is ...
yap chekying
12:05 PM VELO Production Issue Bug #22101: [PROD][Android][Telegraphic Transfer] Transfer Frequency Dropdown Fields is Empty
BAU only set to system default.
solution
during calling getsTransactionFundTransferStep1 grap value and store it ...
sengloong.khoo sengloong.khoo
03:31 PM VELO Production Issue Bug #22106 (Closed): [UAT][Android][Telegraphic Transfer][Special Deal] App Crash When Open Terms...
yap chekying
02:56 PM VELO Production Issue Bug #22106: [UAT][Android][Telegraphic Transfer][Special Deal] App Crash When Open Terms & Condit...
Root Cause:
The application crash occurred during the Telegraphic Transfer (TT) flow in the Business-As-Usual (BAU...
sengloong.khoo sengloong.khoo
02:49 PM VELO Production Issue Bug #22106: [UAT][Android][Telegraphic Transfer][Special Deal] App Crash When Open Terms & Condit...
the root cause provided is unclear, and the solution is missing. yap chekying
12:15 PM VELO Production Issue Bug #22106: [UAT][Android][Telegraphic Transfer][Special Deal] App Crash When Open Terms & Condit...
Refer 22101 as due to changing calling getsTransactionFundTransferStep1 FE require to call additional transactionBene... sengloong.khoo sengloong.khoo

24 July 2025

05:11 PM VELO Production Issue Bug #22064 (Closed): [PROD][Android] Show Popup "This app needs retrieve IMEI" When Open App
yap chekying
04:42 PM VELO Production Issue Bug #22064 (Assigned): [PROD][Android] Show Popup "This app needs retrieve IMEI" When Open App
please provide root cause and solution. yap chekying
04:42 PM VELO Production Issue Bug #22101 (Assigned): [PROD][Android][Telegraphic Transfer] Transfer Frequency Dropdown Fields i...
please provide root cause and solution yap chekying
04:40 PM VELO Production Issue Bug #22106 (Assigned): [UAT][Android][Telegraphic Transfer][Special Deal] App Crash When Open Ter...
please help to provide root cause and solution yap chekying
11:22 AM VELO Production Issue Bug #22286 (Assigned): [UAT][Android][ATM & Branch]Hit Error When Tap on ATM & Branch
Hao Ter Tai
11:18 AM VELO Production Issue Bug #22286 (Resolved): [UAT][Android][ATM & Branch]Hit Error When Tap on ATM & Branch
237999
24-7-2025 Bug #22286 [UAT][Android][ATM & Branch]Hit Error When Tap on ATM & Branch
Actual Result:
Show err...
Hao Ter Tai

23 July 2025

04:21 PM VELO Production Issue Bug #22283 (Assigned): [PROD][Android] Version 1.0.43 Does Not Go Into Log Crashlytic
Hao Ter Tai
04:20 PM VELO Production Issue Bug #22283 (Resolved): [PROD][Android] Version 1.0.43 Does Not Go Into Log Crashlytic
237981
22/7/2025 update google-service.json for uat and prod for crashlytic fixes
root cause: google-service.js...
Hao Ter Tai

18 July 2025

04:52 PM VELO Production Issue Bug #22246 (Feedback): [UAT][BE][Biometric Login]Hit Error When Enable Biometric Login
BE: From logs on 03/07/2025, seems to be omni side error(omni.O0081 Undefined error), pls check with omni side whethe... Tan Hi Ann
04:26 PM VELO Production Issue Bug #22282 (Feedback): [PROD][BE][Fund Transfer][Transaction Summary] Duplicate Records Show on T...
BE: Upon inspecting production logs, only found one such result from omni, and only one such result is passed back to FE Tan Hi Ann
04:19 PM VELO Production Issue Bug #22286 (Pending UAT ): [UAT][Android][ATM & Branch]Hit Error When Tap on ATM & Branch
+Pre-Login+
Steps to Reproduce:
1. Pre-Login screen, tap on "ATM & Branch".
Post Login
Steps to Reproduce:
1. ...
yap chekying
11:00 AM VELO Production Issue Bug #22283 (Assigned): [PROD][Android] Version 1.0.43 Does Not Go Into Log Crashlytic
Update the app_id to match the one used in Firebase. yap chekying

17 July 2025

03:03 PM VELO Production Issue Bug #22280 (Resolved): [PROD][BE] Hit MCB999 Error and Required Reactivate Biometric & SW Token
Issue: Incorrect Sequence Key Constraints
Fix: Fix code ensures that ID numbers now follow the correct sequence
SP LENG
02:57 PM VELO Production Issue Bug #22241 (Resolved): [UAT][BE][Unbind Device] Hit Error When Unbind Device
Issue: Incorrect Sequence Key Constraints
Fix: Fix code ensures that ID numbers now follow the correct sequence
SP LENG
 

Also available in: Atom