PT-2018-13127 · Ola Cabs · Ola Money
Published: 2018-08-21 · Updated: 2024-08-05 · CVE-2018-15661
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Ola Money (aka com.olacabs.olamoney) version 1.9.0
Description
An issue was discovered in the Ola Money application for Android. If an attacker controls an application with accessibility permissions and the ability to read SMS messages, then the Forgot Password screen can be used to bypass authentication. The vendor does not agree that this is a security issue requiring a fix.
Recommendations
For Ola Money version 1.9.0, as a temporary workaround, consider restricting the use of the Forgot Password screen until the issue is resolved. Additionally, review and restrict applications with accessibility permissions and the ability to read SMS messages to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
Information Disclosure
Affected Products
Ola Money