Flipkart – Error in Email Encryption Library

While I was testing Flipkart, I found that their email encryption library has an error while updating the email.

Here, I requested an email update and received an update link:

https://www.flipkart.com/account/updateemail?v1=D11Bss+Nb77uFr+Su/LQJE6XXIEPjxQ/UM77fkfc5cYQTUT0ZBbBfk09QA7Zh0Bx+IPlHNZSNYhAco+X5kUtaR/A==

[Image: flipkart_1]

So, the parameter is D11Bss+Nb77uFr+Su/LQJE6XXIEPjxQ/UM77fkfc5cYQTUT0ZBbBfk09QA7Zh0Bx+IPlHNZSNYhAco+X5kUtaR/A==

If I just change any letter in the parameter, e.g.:

v1=D11Bss+Nb77uFr+Su/LQJE6XXIEPjxQ/UM75fkfc5cYQTUT0ZBbBfk09QQ7Zh0Bx+IPlHNZSNYhAco+X5kUtaR/A==

D11Bss+Nb77uFr+Su/LQJE6XXIEPjxQ/UM72fkfc5cYQTVT0ZBbBfk09QA7Zh0Bx+IPlHNZSNYhAco+X5kUtaR/A==

[Image: error_1]

So, when I try to update the email with the invalid parameters:

[Image: flipkart_2]

Since there was no real-world attack scenario for this issue, it was not considered an issue.
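
An added example, not part of the original post and not Flipkart's code: one way a server can handle a link parameter like `v1` so that a changed character produces one generic rejection instead of a library error. The token layout (HMAC-SHA256 tag followed by JSON claims), the key and all function names are assumptions; the URL-safe Base64 alphabet is used because a raw `+`, as in the value above, is decoded as a space in a query string.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import parse_qs

KEY = b"constructed-demo-key"  # assumption: a server-side secret, never sent to clients

class InvalidLink(Exception):
    """The only failure type, so callers cannot leak which check failed."""

def _b64d(text):
    # Strict decode of the URL-safe alphabet; stray characters raise ValueError.
    return base64.b64decode(text + "=" * (-len(text) % 4), altchars=b"-_", validate=True)

def issue_token(user_id, new_email, now=None, ttl=900):
    now = time.time() if now is None else now
    body = json.dumps({"uid": user_id, "email": new_email, "exp": int(now) + ttl}).encode()
    tag = hmac.new(KEY, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag + body).rstrip(b"=").decode()

def verify_token(token, now=None):
    now = time.time() if now is None else now
    try:
        raw = _b64d(token)
        tag, body = raw[:32], raw[32:]
        expected = hmac.new(KEY, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # integrity check before any parsing
            raise InvalidLink
        claims = json.loads(body)
        if claims["exp"] < now:
            raise InvalidLink
        return claims
    except (ValueError, KeyError, TypeError):        # bad Base64, bad JSON, missing field
        raise InvalidLink from None

def handle_update(query, now=None):
    """Return (status, text); every rejected token gets the same response."""
    try:
        claims = verify_token(parse_qs(query).get("v1", [""])[0], now)
    except InvalidLink:
        return 400, "This link is invalid or has expired."
    return 200, "Email change confirmed for " + claims["email"]
```
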
