HDFC Bank Customer Database Critical Vulnerability Found (& Fixed)

HDFC Bank is one of the leading banks in India. HDFC stands for Housing Development Finance Corporation, and it was one of the first private-sector banks to be set up after the RBI liberalized the Indian banking industry in 1994. Geeks at #-Link-Snipped-# discovered a critical issue with the bank's customer database on July 15, 2011 and immediately reported it to the bank. The vulnerability, called a "Hidden SQL Injection Vulnerability", could give attackers complete access, allowing them to dump the database and even upload a shell. In their blog post, zSecure mentions that after alerting the bank about the critical flaw, it took HDFC Bank 22 days to reply! The bank replied saying that they had fixed the issue. zSecure checked and found that the issue had not been fixed. They replied with additional proof of the vulnerability and received another email from the bank after 2 days. The bank, in their response, said:
“We have remediated all the vulnerabilities reported on our website. Also, we have had an application vulnerability assessment performed through one of our third-party service providers, and they confirmed that there are no more SQL injection vulnerabilities.”

After receiving this reply from HDFC, zSecure replied with additional inputs for the security team, and finally HDFC was able to fix the problem. We are keen to hear what our readers think about it. Do you think IT security at our banks is still falling short of where it needs to be? Check out the following proofs of vulnerability posted by zSecure:
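To see what the class of bug behind this story actually looks like, here is a small added example (not code from zSecure, HDFC Bank or the disclosed application, whose schema and queries are not public). It builds a constructed three-row customer table in an in-memory SQLite database, runs the same lookup once with user input concatenated into the SQL string and once with a parameterized query, and adds a simple allowlist check on the account-number format (the digits-only format is an assumption for the demo). The point for defenders: the concatenated version hands back every row when fed a tautology, while the parameterized version treats the same input as an ordinary, non-matching string.

```python
import re
import sqlite3

# Constructed sample data: a stand-in customer table, not HDFC's real schema.
SAMPLE_CUSTOMERS = [("1001", "Asha"), ("1002", "Ravi"), ("1003", "Meera")]


def build_db():
    """Create an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, account_no TEXT, name TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (account_no, name) VALUES (?, ?)", SAMPLE_CUSTOMERS
    )
    return conn


def lookup_vulnerable(conn, account_no):
    """Anti-pattern: user input is pasted straight into the SQL text.

    Whatever the caller supplies becomes part of the query grammar, so a
    quote character in the input changes the meaning of the WHERE clause.
    """
    sql = "SELECT name FROM customers WHERE account_no = '" + account_no + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, account_no):
    """Fixed version: a parameterized query.

    The driver sends the value separately from the SQL text, so the database
    never parses the input as SQL, whatever characters it contains.
    """
    rows = conn.execute(
        "SELECT name FROM customers WHERE account_no = ?", (account_no,)
    )
    return [row[0] for row in rows]


# Assumed format for the demo: account numbers are 4 to 16 digits.
ACCOUNT_NO_RE = re.compile(r"^[0-9]{4,16}$")


def is_valid_account_no(value):
    """Defence in depth: reject input that cannot be an account number at all.

    Validation is a second layer on top of parameterization, not a replacement
    for it; a string that passes this check still goes through lookup_safe.
    """
    return bool(ACCOUNT_NO_RE.match(value))


def demo():
    """Run both lookups on a benign and on a hostile input and return the results."""
    conn = build_db()
    benign = "1002"
    # Constructed tautology input: the textbook illustration of why concatenation fails.
    hostile = "' OR '1'='1"
    return {
        "vuln_benign": lookup_vulnerable(conn, benign),    # ['Ravi']
        "vuln_hostile": lookup_vulnerable(conn, hostile),  # every row leaks
        "safe_benign": lookup_safe(conn, benign),          # ['Ravi']
        "safe_hostile": lookup_safe(conn, hostile),        # [] - no such account
        "hostile_passes_validation": is_valid_account_no(hostile),  # False
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

A third-party assessment that only probes a few obvious parameters can miss a query like `lookup_vulnerable` buried in a less-visited code path, which is one reason a clean report from a scanner is not the same as a codebase in which every query is parameterized.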

[Image: proof-of-vulnerability screenshots posted by zSecure. Image credit: zSecure]
