Ksarieddine

Name of the Vulnerable Software and Affected Versions: Touch Lebanon Mobile App version 2.20.2 Description: A flaw exists in the password reset workflow that allows an attacker to bypass the one-time password (OTP) reset password mechanism. By manipulating the reset process, an unauthorized user may be able to reset the password and gain access to the account without a legitimate authentication factor, such as an OTP. This compromises account security and allows for potential unauthorized access to user data. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.