High severity8.8NVD Advisory· Published Sep 23, 2018· Updated Jun 17, 2026
CVE-2018-17401
CVE-2018-17401
Description
The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by exploiting its Forgot Password feature. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide accessibility permission to the malicious app, that the Android platform provides fair warnings to the users before turning on accessibility for any application, and that it believes it is similar to installing malicious keyboards, or malicious apps taking screenshots
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
1- github.com/magicj3lly/appexploits/blob/master/PhonePe%20Authentication%20Bypass-2.pdfnvdThird Party Advisory
News mentions
0No linked articles in our index yet.