CVE-2021-43150 - Opay 1.5.1.26 insecure permission

Oct 29, 2021 • Mohammed Al-Barbari

This blog will be updated with more information about the vulnerability and the exploitation once the CVE is assigned.

Discovered by: Mohammed Fadhl Al-Barbari & Zeyad Azima

CVE-ID : `CVE-2021-43150`

Vendor : `https://opayeg.com/`

Vulnerability type : `Insecure permissions`

Tested on : `Opay 1.5.1.26 (Android)`

Description :

Insecure permissions in Opay 1.5.1.26 android application leads to stealing users (authentication tokens, cookies, sensitive data “Credit Cards”, device data & more) via the insecure permissions.

POCs : `Will be avaliable soon`

Follow us:

Twitter:
Zeyad Azima
Mohammed Al-Barbari

LinkedIn:
Zeyad Azima
Mohammed Al-Barbari