
This queue is for tickets about the Finance-Bank-HDFC CPAN distribution.

Report information
The Basics
Id: 128925
Status: rejected
Priority: 0/
Queue: Finance-Bank-HDFC

People
Owner: Nobody in particular
Requestors: akshanshshrivastava [...] gmail.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



CC: Akshansh Shrivastava <akshanshshrivastava [...] yahoo.com>
Subject: Multiple netbanking accounts blocked.
Date: Mon, 25 Mar 2019 16:24:31 +0530
To: bug-Finance-Bank-HDFC [...] rt.cpan.org
From: Akshansh Shrivastava <akshanshshrivastava [...] gmail.com>
Hi there,

The login customer id is sequential. I can enumerate the username using a brute-force attack. The main problem here is that I can block someone’s net banking without their knowledge, by inputting invalid passwords more than 5 times.

After that, if the real customer tries to do a valid transaction, they will not be allowed by net banking for 12 hours or more, and every time they have to call the bank for the reactivation of their net banking. This will create a problem for the customer and will affect the HDFC Bank.

(I have tried blocking my account and another account with customer id: 60059941)

Fix: Instead of sequential user id, use email address or phone number with OTP verification.

If there is a bounty for this, please let me know.

Regards:
Akshansh Shrivastava
9039272917
RT-Send-CC: akshanshshrivastava [...] yahoo.com
On Mon Mar 25 10:54:59 2019, akshanshshrivastava@gmail.com wrote:
> Hi there,
>
> The login customer id is sequential. I can enumerate the
> username using a brute-force attack. The main problem here is that I can
> block someone’s net banking without their knowledge, by inputting
> invalid passwords more than 5 times.
>
> After that, if the real customer tries to do a valid transaction, they
> will not be allowed by net banking for 12 hours or more, and every time
> they have to call the bank for the reactivation of their net banking.
> This will create a problem for the customer and will affect the HDFC
> Bank.
>
> (I have tried blocking my account and another account with
> customer id: 60059941)
>
> Fix: Instead of sequential user id, use email address or phone number
> with OTP verification.
>
> If there is a bounty for this, please let me know.
>
> Regards:
> Akshansh Shrivastava
> 9039272917

This queue is for a defunct Perl module, nothing to do with your bank. Why not try contacting them via their official channels?

Subject: rejected: bug report for Finance-Bank-HDFC
This is the bug queue for a defunct Perl module, and NOT the right place to report issues with the bank itself. Please consult the bank's website for how to report issues.