CoinBeyond Bug: Account Lockout Never Occurs

Hi,

I have not been working for the last few weeks, but I have some old bugs to share which I found about 8 months ago. I worked ethically by reporting them to the team, but they did not care to reply to them; I also contacted them on Twitter and they ignored my tweet.
Since it has been more than 8 months since I reported these bugs to them, I have started disclosing them.

This bug is about their account lockout functionality.
After signing into your account from their Android app, there is an option to set a 4-digit PIN.
You have to enter this PIN every time you reopen the app after closing it. It is a very good feature which can prevent intruders from accessing your account even if they have physical access to your device.
There are many features in the mobile app which the web app lacks.
So suppose someone knows your credentials. Since there is a PIN on your device, he cannot log out from the app, because in order to log out he has to know the right PIN to reach the logout feature.
Now, how does this functionality work?
You can't log out from the app without entering the PIN, because logging out and logging in again disables the PIN safety measure.
If you enter the wrong PIN 5 times, the app shows that your account is locked for 30 minutes.


Now, exploiting it.

As explained, in order to disable the PIN you have to log out. So enter the wrong PIN 5 times: the app automatically logs you out and shows a message like this:

It says that the account is locked out for 30 minutes, and the app automatically logs you out. But the account lockout never actually occurs: the lock is only a message shown by the app, and nothing prevents a new login.
Since you know the credentials, you can use them to log in again immediately, and because logging out disabled the PIN, the PIN security measure is bypassed without the 30-minute lock ever taking effect.
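The flaw and its fix, as an added simulation that is not CoinBeyond's code. The client keeps the PIN locally and shows the "locked for 30 minutes" message after 5 failures, as the app does. The vulnerable server never records those failures, so login with the credentials succeeds right away; the hardened server records the lockout per account and refuses login until the window expires. The attempt limit and window are the values stated above; the account, password, PIN and class names are made up for the example.

```python
"""Constructed simulation of a client-only PIN lockout versus a server-enforced one.
Added example, not CoinBeyond's code. Accounts, PINs and names are invented."""

MAX_PIN_ATTEMPTS = 5         # attempt limit stated in the write-up
LOCKOUT_SECONDS = 30 * 60    # lockout window stated in the write-up


class Server:
    """Vulnerable server: validates credentials, never hears about PIN failures."""

    def __init__(self, accounts):
        self.accounts = dict(accounts)  # username -> password (plaintext: simulation only)

    def login(self, username, password, now):
        """Return a session token, or None if the credentials are wrong."""
        if self.accounts.get(username) != password:
            return None
        return "session-for-" + username

    def report_pin_failure(self, username, now):
        """Nothing is recorded: the 'lockout' exists only in the app's message."""
        return None


class LockingServer(Server):
    """Hardened server: PIN failures are account state that login enforces."""

    def __init__(self, accounts):
        super().__init__(accounts)
        self.failures = {}       # username -> consecutive failed PIN entries
        self.locked_until = {}   # username -> time (seconds) the lock expires

    def report_pin_failure(self, username, now):
        count = self.failures.get(username, 0) + 1
        self.failures[username] = count
        if count >= MAX_PIN_ATTEMPTS:
            self.locked_until[username] = now + LOCKOUT_SECONDS
            self.failures[username] = 0

    def login(self, username, password, now):
        # Check the lock before the password so a locked account answers the
        # same way to a right and a wrong password (no oracle for the attacker).
        if now < self.locked_until.get(username, 0):
            return None
        return super().login(username, password, now)


class App:
    """Client: holds the session and the PIN locally, like the Android app."""

    def __init__(self, server, username):
        self.server = server
        self.username = username
        self.session = None
        self.pin = None
        self.attempts = 0

    def login(self, password, now):
        self.session = self.server.login(self.username, password, now)
        return self.session is not None

    def set_pin(self, pin):
        self.pin = pin

    def unlock(self, guess, now):
        """PIN prompt on reopen. Returns 'ok', 'retry' or 'locked'."""
        if self.session is None:
            raise RuntimeError("not logged in")
        if guess == self.pin:
            self.attempts = 0
            return "ok"
        self.attempts += 1
        self.server.report_pin_failure(self.username, now)
        if self.attempts >= MAX_PIN_ATTEMPTS:
            # App shows "account locked for 30 minutes" and logs out; the
            # logout wipes the local PIN, exactly as the write-up describes.
            self.session = None
            self.pin = None
            self.attempts = 0
            return "locked"
        return "retry"


def attack(server, username, password, now=0.0):
    """Attacker holding the credentials and the phone burns the PIN attempts,
    then logs back in. Returns (login_right_after, login_after_30min)."""
    app = App(server, username)
    if not app.login(password, now):
        raise RuntimeError("credentials rejected before the attack started")
    app.set_pin("4321")      # victim's PIN, unknown to the attacker
    status = None
    for _ in range(MAX_PIN_ATTEMPTS):
        status = app.unlock("0000", now)
    if status != "locked":
        raise RuntimeError("app did not report the lockout")
    right_after = app.login(password, now + 1)
    after_window = app.login(password, now + LOCKOUT_SECONDS + 1)
    return right_after, after_window


if __name__ == "__main__":
    creds = {"victim": "correct horse"}   # constructed account
    print("vulnerable:", attack(Server(creds), "victim", "correct horse"))
    print("hardened:  ", attack(LockingServer(creds), "victim", "correct horse"))
```

The vulnerable run returns (True, True): the attacker is back in one second after the "locked" message. The hardened run returns (False, True): login is refused until the 30 minutes the message promises have passed. Two caveats for a real implementation: the failure counter must live on the server (a client-side counter is reset by clearing app data or reinstalling), and the server should verify the PIN itself rather than trust a failure report from a client that is in the attacker's hands; the simulation routes the report through the app only to keep the example short.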


If you want to give your opinion on this bug, feel free to comment.

Thanks 
Jitendra Santram Singh(Team Computer Korner) 