Security researcher Ashish Gehlot exposed this shortcoming in DigiLocker. He found the flaw while analyzing the system's authentication mechanism. The researcher found that the default mechanism when logging in to the digital storage asks for a one-time password (OTP) and a PIN. However, he managed to bypass this process by intercepting the connection to DigiLocker, adding an Aadhaar number and changing the parameters.
Anyone with technical knowledge can take advantage of this authentication loophole to set a new PIN and even access the DigiLocker account without any password. In addition, through this flaw, hackers can access the user profile by bypassing the OTP process and can make many changes using interception tools.
Gehlot noticed this deficiency in DigiLocker last month and informed the DigiLocker team. The team fixed the PIN bypass within a few days. The OTP bypass flaw, however, was fixed on Monday.
According to statistics available on the DigiLocker site, 3.84 crore registered users use this platform. Many documents, such as Aadhaar cards, insurance letters, income tax returns and mark sheets, are stored on this platform.