Metin Ögtem

**Name of the Vulnerable Software and Affected Versions** Turkiye Electricity Transmission Corporation (TEİAŞ) Mobile Application versions 1.6.2 through 1.12 **Description** Insufficient session expiration in the application allows for session hijacking, a process where an attacker takes over a user's active session. **Recommendations** Update the application to version 1.13.

**Name of the Vulnerable Software and Affected Versions** Turkiye Electricity Transmission Corporation (TEİAŞ) Mobile Application versions 1.6.2 through 1.12 **Description** Improper restriction of excessive authentication attempts allows for Brute Force attacks, which can lead to an OTP (One-Time Password) bypass. Brute Force is a trial-and-error method used to guess login credentials or security codes by systematically trying many possible combinations. **Recommendations** Update the Turkiye Electricity Transmission Corporation (TEİAŞ) Mobile Application to version 1.13 or later.