Posts

Showing posts from 2021

CVE-2020-35398: UTI Mutual fund Android Application- Username Enumeration

Image
Vulnerable Software: UTI Mutual fund Android Application Vulnerability:  Username Enumeration Affected Version: 5.4.28 Patch: Not Released (03-December-2021) Vendor Homepage:   https://utimf.com/ CVE:  CVE-2020-11561 CVE Author:  Tejas Nitin Pingulkar Exploit Available: POC available About Affected Software Investing in Mutual Funds is now easy with the UTI MF (UTI Mutual Funds) App. It gives you a hassle-free experience to invest in any mutual fund scheme of your choice from anywhere, anytime with just a few clicks. The paperless transactions allow new investors to start a SIP or invest a lumpsum with ease. Exploit Input an incorrect username (one that don't exist), the application will respond with an error message "we are unable to recognize the use user id entered" were as if the valid username is entered and invalid password is provided application responds with "the password entered is incorrect" which assist attacker to enumerate v...
Image
CVE-2020-27414 Mahavitaran Android Application: Insecure Communication of Sensitive Data Vulnerable Software:  Maharashtra State Electricity Board Android Application Vulnerability:  Insecure Communication of sensitive data Affected Version:  7.50 and prior Patched:  Yes Vendor Homepage:  https://www.mahadiscom.in/en/home/ App store link:  https://play.google.com/store/apps/details?id=com.msedcl.app&hl=en_IN&gl=US CVE:  CVE-2020-27414 CVE Author:  Tejas Nitin Pingulkar Exploit Available:  POC Available About Affected Software The Official App for Consumer by Mahavitaran ( M.S.E.D.C.L.). Mahavitaran Consumer App enables consumers to avail Mahavitaran services at his/her fingertips. The app is simple and easy to use. It provides transparency in delivering services to consumers. ►Features : *View and Pay bill *Register and Track complaints *View Bill and Payment history *Manage Multiple Electricity Connections *Contact 24 x7 MSEDCL Call ...