CVE-2017-9820

Name of the Vulnerable Software and Affected Versions National Payments Corporation of India BHIM application version 1.3

Description The issue concerns the custom keypad in the BHIM application, where the input element is accessible to the Accessibility service. This accessibility makes it easier for attackers to bypass authentication.

Recommendations For version 1.3, consider restricting access to the Accessibility service for the custom keypad input element until a patch is available. As a temporary workaround, users may want to avoid using the custom keypad for sensitive transactions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.