Improper Access Control leaks OTPs sent to all phone numbers
Critical
Vulnerability Details
## Summary:
Hi there,
You have a subdomain at https://otp-dev.my.mtn.com/. This subdomain communicates with the API hosted at `https://nextgen-functions.azurewebsites.net`. `https://nextgen-functions.azurewebsites.net` leaks your customers' phone numbers and the OTPs sent to those phone numbers by MTN applications.
{F2893405}
## Steps To Reproduce:
1. In this URL, change the **country_code** parameter and you'll get a list of customers and the OTPs sent to their phone numbers: `https://nextgen-functions.azurewebsites.net/api/otp?country_code=CMR&code=Skf_qTreQ7DVuKmjLbtiES419DOWNdg3zhg7vkGMk1-UAzFuhEFJ7g==`
2. Observe the following screenshot.
{F2893392}
## Impact
An attacker might be able to:
1. Bypass 2FA
2. Bypass authentication
3. View phone numbers of your customers
Report Stats
- Report ID: 2267453
- State: Closed
- Substate: resolved
- Upvotes: 1