📚 MTN Group: Authentication bypass in https://nin.mtn.ng

Summary: In a nutshell, an authentication bypass exploits weak authentication mechanisms to allow a hacker to access your systems and data.In a nutshell, an authentication bypass exploits weak authentication mechanisms to allow a hacker to access your systems and data Steps To Reproduce: 1.I was going to the site: https://mtnbusiness.com.ng and on the home page I clicked on personal and the site redirected me to another site which is: https://www. mtn.ng and on this site on which I was redirected I saw "link your NIN" and I went to this site and after listing I found an impressive thing which is the Tiny filemanager and to authenticate myself I bypass it with default credentials to access it. The default credentials are: Login Details: admin/admin@123 | user/12345 and I had access to the panel and I had privileges like modify, upload, delete Supporting Material/References: [list any additional material (e.g. screenshots, logs, etc.)] [attachment / reference] Impact The impact of authentication vulnerabilities can be very severe. Once an attacker has either bypassed authentication or has brute-forced their way into another user's account, they have access to all the data and functionality that the compromised account... ...