Subject: BUG while transaction with HDFC card on Paytm
Date: Thu, 6 Dec 2018 22:23:54 +0530
To: bug-Finance-Bank-HDFC [...] rt.cpan.org
From: Ashima Sharma <ashima01031992 [...] gmail.com>
Hi,
I got a security bug while doing a transaction from my HDFC card
*Bug Type*: Authentication Bypass
*Reporter Name*: Ashima Sharma
*Reporter Email*: ashima01031992@gmail.com
*Reporter Paytm Wallet Number*: 7045299334
*If other bug type, please specify*:
*Bug Title*: Was able to do transaction with my saved card, without
entering in the captcha data on payment gateway page for HDFC debit card
transaction
*Bug Description*: I recharged for prepaid mobile and chose to transact
via my saved ATM card via ATM PIN option, even without entering the captcha
I was able to proceed and transaction happened successfully. This is
happening every time as earlier also I got this issue: My order number for
which I got this- Order No 6712284928
*Steps to Reproduce*:
1. Log in to your Paytm account
2. Enter the prepaid mobile number and amount
3. Selected my saved HDFC card for the payment
4. Out of 2 options of ATM PIN and OTP, I chose ATM PIN option for transaction
5. Give the PIN
6. Leave the captcha unentered/empty and submit
Actual Result- Without entering the captcha, was able to do a successful
transaction
Expected Result- User should be able to do transaction
successfully only after this security feature is verified properly and he
has entered the captcha correctly
*Domain/Subdomain*: Transaction/ Security feature
*URL/Endpoint/API*:
https://securepayments.fssnet.co.in/hdfcbanka/tranRedirectFrame.htm
Screenshots below-
[image: image.png]
[image: image.png]
[image: image.png]
--
With Regards
Ashima Sharma