Description

The OTP mock is still enabled in the application.

Impact

- Attacker with information from a user of the application gets to the point where the OTP is requested. - Enters default OTP and successfully logs in to the application.

Recommendation

Remove the OTP mock so that you can only login to the application with the OTP sent to the email.

Threat

Unauthorized user with access to the application.

Expected Remediation Time

⏱️ 60 minutes.

Requirements

Fixes