API Security Blog

Tucows (VDP): Business Logic Error – Bypass of OTP Verification During Signup on hover.com

"Business Logic Error – Bypass of OTP Verification During Signup on hover.com" was a vulnerability that allowed an attacker to register an account on www.hover.com using any email address without passing the required OTP verification. The cause was that the code parameter could be omitted entirely from the signup request: the backend then completed the registration and returned a valid session, effectively bypassing the OTP verification…
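A minimal server-side sketch of how a missing code parameter can skip verification, next to a handler that treats verification as a precondition. This is an added example, not code from hover.com or from the report; the handler names, the in-memory PENDING_OTPS store and the sample values are assumptions constructed for illustration.

```python
import hmac

# Constructed sample state (assumption): OTPs the server has issued, keyed by email.
PENDING_OTPS = {"alice@example.com": "493021"}


def signup_vulnerable(params: dict) -> dict:
    """Flawed pattern: the OTP is only checked when the client sends one."""
    email = params["email"]
    code = params.get("code")
    if code is not None:
        expected = PENDING_OTPS.get(email, "")
        if not hmac.compare_digest(str(code).encode(), expected.encode()):
            return {"status": 403, "session": None}
    # Reached when `code` is absent: registration completes unverified.
    return {"status": 200, "session": f"session-for-{email}"}


def signup_hardened(params: dict) -> dict:
    """Missing, empty, unknown or wrong codes are all rejected before any session exists."""
    email = params.get("email")
    code = params.get("code")
    if not isinstance(email, str) or not isinstance(code, str) or not code:
        return {"status": 400, "session": None}
    expected = PENDING_OTPS.get(email)
    if expected is None:
        # No OTP was ever issued for this address.
        return {"status": 400, "session": None}
    if not hmac.compare_digest(code.encode(), expected.encode()):
        return {"status": 403, "session": None}
    PENDING_OTPS.pop(email)  # a code is valid for one successful use only
    return {"status": 200, "session": f"session-for-{email}"}
```

A regression test for this class of bug sends the signup request with the code field absent, empty and null, and expects a rejection with no session in every case.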
