HDFC Bank is one of the leading banks in India. HDFC stands for Housing Development Finance Corporation, and HDFC Bank was among the first private-sector banks set up after the RBI liberalized the Indian banking industry in 1994. Researchers at zSecure discovered a critical issue with the bank's customer database on July 15, 2011 and immediately reported it to the bank. The vulnerability, which zSecure called a "Hidden SQL Injection Vulnerability", could give an attacker complete access to the database, allowing them to dump its contents and even upload a shell to the server. In their blog post, zSecure mentions that after they alerted the bank to the critical flaw, it took HDFC Bank 22 days to reply!

The bank replied saying that it had fixed the issue. zSecure checked and found that the issue had not been fixed, so they replied with additional proof of the vulnerability. Two days later they received another email from the bank, which said:

“We have remediated all the vulnerabilities reported on our website. Also, we have got the application vulnerability assessment performed through one of our third party service providers and they confirmed that there are no more SQL Injection vulnerabilities.”
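The article does not describe the actual flaw zSecure found, and the code below is an added illustration, not zSecure's proof of concept or anything from HDFC Bank's application. It shows, against a constructed in-memory SQLite database with made-up tables (`customers`, `staff_logins`) and made-up rows, the two things the article mentions: how a lookup that concatenates user input into SQL lets a crafted value dump rows it was never meant to return, and how a parameterized lookup does not. It also shows the check a researcher runs when a vendor says "fixed": re-send the original payloads against the same entry point and treat any extra rows, or any database error, as evidence the fix is incomplete. Shell upload via SQL is database-specific and is not demonstrated here.

```python
import sqlite3

# Constructed sample schema and data for this example only; not HDFC's
# schema, data, or code.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE customers (account_no TEXT, name TEXT, balance INTEGER);
        INSERT INTO customers VALUES ('1001', 'A. Sharma', 5000);
        INSERT INTO customers VALUES ('1002', 'B. Iyer', 12000);
        CREATE TABLE staff_logins (username TEXT, password_hash TEXT);
        INSERT INTO staff_logins VALUES ('admin', '5f4dcc3b5aa765d61d8327deb882cf99');
    """)
    return conn


def lookup_vulnerable(conn, account_no):
    """Vulnerable lookup: the account number is pasted into the SQL text,
    so quotes and keywords in the input are parsed as SQL."""
    sql = ("SELECT name, balance FROM customers WHERE account_no = '"
           + account_no + "'")
    return conn.execute(sql).fetchall()


def lookup_safe(conn, account_no):
    """Hardened lookup: the account number is bound as a parameter and is
    only ever treated as a value, never as SQL."""
    sql = "SELECT name, balance FROM customers WHERE account_no = ?"
    return conn.execute(sql, (account_no,)).fetchall()


# Hypothetical attacker inputs (assumed for the example).
TAUTOLOGY = "' OR '1'='1"          # WHERE ... = '' OR '1'='1'  -> every row
DUMP = ("' UNION SELECT username, password_hash "
        "FROM staff_logins --")    # pulls rows from an unrelated table
BARE_QUOTE = "'"                   # malformed SQL -> error reveals injection
PROBES = (TAUTOLOGY, DUMP, BARE_QUOTE)


def retest(conn, lookup):
    """Re-verify a claimed fix. No real account number equals any probe,
    so a correct lookup must return no rows for every probe and must not
    raise a database error. Returns True only if all probes come back
    clean."""
    for probe in PROBES:
        try:
            rows = lookup(conn, probe)
        except sqlite3.Error:
            # The probe reached the SQL parser: input is still being
            # interpreted as SQL, so the fix is incomplete.
            return False
        if rows:
            return False
    return True


if __name__ == "__main__":
    db = make_db()
    print("legit:", lookup_vulnerable(db, "1001"))
    print("tautology:", lookup_vulnerable(db, TAUTOLOGY))
    print("dump:", lookup_vulnerable(db, DUMP))
    print("vulnerable fixed?", retest(db, lookup_vulnerable))
    print("safe fixed?", retest(db, lookup_safe))
```

Run against the vulnerable lookup, the tautology probe returns both customer rows and the UNION probe returns the staff password hash, which is the "dump" the article refers to; the parameterized lookup returns nothing for either. `retest` is the point that matters for the back-and-forth described above: a vendor's statement that a flaw is fixed is verified by replaying the reported payloads, not by a general scan that may never touch the same parameter.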