Home / Early Warning / Cybersecurity Highlights / DigiLocker fixes a vulnerability in its registry system

DigiLocker fixes a vulnerability in its registry system

06/02/2020

DigiLocker, the official platform of the Government of India for the issuance and verification of documents and certificates, has fixed a critical vulnerability that would have allowed a remote attacker to omit OTP (one-time passwords) from a device mobile and login as other users.

The vulnerability was discovered individually, but on the same dates, by two researchers, Mohesh Mohan and Ashish Gahlot, who reported it to CERT-In and DigiLocker, respectively.

In the official published statement, DigiLocker clarifies that all the information of its users remains safe and secure, and at no time has it been compromised.