OTP code Leaked in API Response
Critical
Vulnerability Details
## Summary:
The application at https://corporate.admyntec.co.za allows users to sign up for device insurance. When you request a quote ("Get a Quote"), the flow requires authentication via phone number: an OTP is sent to that number to confirm that the action was initiated by the legitimate user. However, the same OTP code is also returned in the body of the OTP API response, so anyone who can call the endpoint with a victim's number receives the code without access to the phone.
## Steps To Reproduce:
1. Visit https://corporate.admyntec.co.za/customerInsurance and get a quote.
2. Have a proxy interceptor such as Burp Suite running. Now enter any valid MTN number.
3. Notice that the OTP code is also returned in the API's response.
## Impact
It's possible to sign up using other users' phone numbers, and it's possible to log into other users' accounts as well, since the OTP is the only factor tying the action to the phone's owner.
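A minimal model of the flaw and its fix, added here as an example and not code from the application or from the report: an in-memory OTP flow where the vulnerable handler echoes the code in its JSON response while the fixed handler returns only a status, plus a check a reviewer can run against a response body. The store, the SMS outbox and the server secret are constructed stand-ins.

```python
import hashlib
import hmac
import secrets
import time

OTP_DIGITS = 6
OTP_TTL_SECONDS = 300
MAX_ATTEMPTS = 5
SERVER_SECRET = b"constructed-demo-secret"  # placeholder; load from a secret store in practice

_pending = {}    # phone -> {"mac", "expires", "attempts"}; in-memory stand-in for a database
sms_outbox = []  # (phone, otp) pairs; stands in for the SMS gateway so the demo runs offline


def _mac(phone, candidate):
    # Store an HMAC of the OTP rather than the OTP itself, so a database read does not reveal it.
    return hmac.new(SERVER_SECRET, f"{phone}:{candidate}".encode(), hashlib.sha256).hexdigest()


def _issue(phone):
    otp = "".join(secrets.choice("0123456789") for _ in range(OTP_DIGITS))
    _pending[phone] = {"mac": _mac(phone, otp), "expires": time.time() + OTP_TTL_SECONDS, "attempts": 0}
    sms_outbox.append((phone, otp))  # the phone's owner is the only party meant to see this value
    return otp


def request_otp_vulnerable(phone):
    otp = _issue(phone)
    return {"status": "sent", "otp": otp}  # BUG: the secret is echoed to whoever called the API


def request_otp_fixed(phone):
    _issue(phone)
    return {"status": "sent", "expires_in": OTP_TTL_SECONDS}  # no secret in the response body


def verify_otp(phone, candidate):
    entry = _pending.get(phone)
    if entry is None or time.time() > entry["expires"]:
        _pending.pop(phone, None)
        return False
    entry["attempts"] += 1
    ok = hmac.compare_digest(entry["mac"], _mac(phone, candidate))
    if ok or entry["attempts"] >= MAX_ATTEMPTS:
        del _pending[phone]  # single use; discard after too many wrong guesses
    return ok


def response_leaks_otp(response, phone):
    """Defender-side check: does any value in the API response equal an OTP sent to this phone?"""
    sent = [otp for p, otp in sms_outbox if p == phone]
    return any(str(v) in sent for v in response.values())
```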
Report Stats
- Report ID: 2633888
- State: Closed
- Substate: resolved
- Upvotes: 2