Kotak Mahindra Bank, one of India’s top banking and financial service providers, appears to have a serious vulnerability in its website that exposes it to attack. The zSecure team has detected a Source Code Disclosure Vulnerability in the Kotak Bank portal. As a premier banking institution, Kotak Mahindra should be providing a well-secured online banking environment.
The zSecure team, an IT security research group, has detected a Source Code Disclosure Vulnerability in the Kotak Bank portal that allows an attacker to gather sensitive information, including but not limited to database connection strings and application logic, simply by reading the disclosed source code. An attacker who obtains this information can use it to conduct further attacks on the bank’s portal.
The zSecure team captured screenshots of the vulnerability on the bank’s portal that clearly show database information leaking: the database host name, user name, password and database name.
One screenshot shows the NRI account opening form with its complete server-side source code exposed.
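The symptom described above, a response that carries server-side source and a database connection string instead of rendered HTML, is easy to check for automatically. The following is an added example, not code from the original zSecure post or from the bank: a small checker that classifies a response body and redacts any password before the finding is written up. The two sample bodies are constructed for illustration, and the source markers are generic patterns (PHP tags, ASP/JSP-style scriptlets and directives, common SQL client calls); they are an assumption about what disclosed source tends to look like, not a statement about which stack any real site runs.

```python
"""Added example (not from the original post): flag HTTP response bodies
that contain server-side source or database credentials."""
import re

# Server-side delimiters and directives that a browser should never receive.
# Generic patterns; assumed shapes of disclosed source, not tied to any site.
SOURCE_MARKERS = {
    "php_open_tag": re.compile(r"<\?php\b", re.I),
    "page_directive": re.compile(r"<%@\s*\w+", re.I),
    "scriptlet": re.compile(r"<%(?!@).*?%>", re.S),
    "sql_client": re.compile(r"\b(SqlConnection|mysqli?_connect|OleDbConnection)\s*\(", re.I),
}

# key=value pairs as found in ADO/ODBC-style connection strings.
# Longer keys are listed first so "User ID" is not consumed as "User".
CONN_PAIR = re.compile(
    r"\b(?P<key>Data Source|Initial Catalog|User ID|Server|Host|Database|"
    r"Uid|User|Password|Pwd)\s*=\s*(?P<val>[^;\"'\s<]+)",
    re.I,
)
SECRET_KEYS = {"password", "pwd"}


def scan_response(body: str) -> dict:
    """Classify one response body: which source markers fired, which
    connection-string fields were found, and an overall severity."""
    markers = [name for name, pat in SOURCE_MARKERS.items() if pat.search(body)]
    fields = {m.group("key").lower(): m.group("val") for m in CONN_PAIR.finditer(body)}
    leaks_secret = bool(SECRET_KEYS.intersection(fields))
    if leaks_secret:
        severity = "critical"   # live database credentials in a public response
    elif markers or fields:
        severity = "high"       # source or topology exposed, no password seen
    else:
        severity = "none"
    return {"markers": markers, "fields": fields,
            "leaks_secret": leaks_secret, "severity": severity}


def redact(body: str) -> str:
    """Mask password values so a report can quote the evidence without re-leaking it."""
    def mask(m):
        if m.group("key").lower() in SECRET_KEYS:
            return f"{m.group('key')}=***"
        return m.group(0)
    return CONN_PAIR.sub(mask, body)


# Constructed samples: what a browser should receive vs. the disclosure case.
RENDERED_PAGE = """<html><body><h1>Account Opening Form</h1>
<form method="post" action="/nri/open"><input name="name"></form>
</body></html>"""

LEAKED_SOURCE = """<%@ Page Language="C#" %>
<%
  string cs = "Data Source=db01.internal;Initial Catalog=nri_forms;User ID=webapp;Password=s3cret!";
  var conn = new SqlConnection(cs);
%>
<html><body><form method="post">...</form></body></html>"""

if __name__ == "__main__":
    for label, body in (("rendered", RENDERED_PAGE), ("leaked", LEAKED_SOURCE)):
        result = scan_response(body)
        print(label, result["severity"], result["markers"], sorted(result["fields"]))
    print(redact(LEAKED_SOURCE))
```

Run the scanner over every page fetched during a crawl, not only the one that first looked wrong: a misconfigured handler usually affects a whole directory or file extension, and the severity split lets a team triage pages that leak only topology (host and database name) separately from those that leak a usable password.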
The zSecure team reported this serious vulnerability to Kotak Mahindra Bank twice, but the bank did not respond to the reports, and the vulnerability was still unfixed at the time of writing.
It seems that large companies are neglecting the basic security needed to protect their data. Kotak Mahindra Bank spends crores of rupees on advertising and marketing but has overlooked the basic security of its own website. Earlier, the zSecure team also found database vulnerabilities on the HDFC Bank, Timesofmoney, Sharekhan and Payback websites.
Hopefully, after this exposure by the zSecure team, Kotak Mahindra Bank will fix these vulnerabilities promptly and implement further security measures on its websites.
Update: Kotak Bank’s security team has since fixed the vulnerability on their website.