Avinash Jain (@logicbomb)
1 min read · Mar 2, 2018

Thanks for the appreciation, Yugesh. The mitigation here is simple: there was no server-side validation, hence server-side validation for the OTP should be implemented in this case. You can DM me on Twitter any time. ☺

Written by Avinash Jain (@logicbomb)

Security Engineer @Microsoft | DevSecOps | Speaker | Breaking stuff to learn | Featured in Forbes, BBC | Acknowledged by Google, NASA, Yahoo, UN etc
