Any Indian DigiLocker Account Could’ve Been Accessed Without Password

The Indian Government said it has addressed a critical vulnerability in its secure document wallet service Digilocker that could have potentially let a remote attacker bypass mobile one-time passwords (OTP) and sign in as other users.

Discovered separately by two independent bug bounty researchers, Mohesh Mohan and Ashish Gahlot, the vulnerability could have been exploited easily to