Search criteria
4 vulnerabilities by mahadiscom
CVE-2020-27416 (GCVE-0-2020-27416)
Vulnerability from cvelistv5 – Published: 2021-12-08 18:36 – Updated: 2024-08-04 16:18
VLAI?
Summary
Mahavitaran android application 7.50 and prior are affected by account takeover due to improper OTP validation, allows remote attackers to control a users account.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:18:43.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=com.msedcl.app\u0026hl=en\u0026gl=US"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cvewalkthrough.com/cve-2021-41716-mahavitaran-android-application-account-take-over-via-otp-fixation/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mahavitaran android application 7.50 and prior are affected by account takeover due to improper OTP validation, allows remote attackers to control a users account."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-08T18:36:50",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://play.google.com/store/apps/details?id=com.msedcl.app\u0026hl=en\u0026gl=US"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cvewalkthrough.com/cve-2021-41716-mahavitaran-android-application-account-take-over-via-otp-fixation/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-27416",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mahavitaran android application 7.50 and prior are affected by account takeover due to improper OTP validation, allows remote attackers to control a users account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://play.google.com/store/apps/details?id=com.msedcl.app\u0026hl=en\u0026gl=US",
"refsource": "MISC",
"url": "https://play.google.com/store/apps/details?id=com.msedcl.app\u0026hl=en\u0026gl=US"
},
{
"name": "https://cvewalkthrough.com/cve-2021-41716-mahavitaran-android-application-account-take-over-via-otp-fixation/",
"refsource": "MISC",
"url": "https://cvewalkthrough.com/cve-2021-41716-mahavitaran-android-application-account-take-over-via-otp-fixation/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-27416",
"datePublished": "2021-12-08T18:36:50",
"dateReserved": "2020-10-21T00:00:00",
"dateUpdated": "2024-08-04T16:18:43.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41716 (GCVE-0-2021-41716)
Vulnerability from cvelistv5 – Published: 2021-12-07 18:37 – Updated: 2024-08-04 03:15
VLAI?
Summary
Maharashtra State Electricity Board Mahavitara Android Application 8.20 and prior is vulnerable to remote account takeover due to OTP fixation vulnerability in password rest function
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:15:29.397Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://maharashtra.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cvewalkthrough.com/cve-2021-41716-mahavitaran-android-application-account-take-over-via-otp-fixation/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Maharashtra State Electricity Board Mahavitara Android Application 8.20 and prior is vulnerable to remote account takeover due to OTP fixation vulnerability in password rest function"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-07T18:37:35",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://maharashtra.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cvewalkthrough.com/cve-2021-41716-mahavitaran-android-application-account-take-over-via-otp-fixation/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-41716",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Maharashtra State Electricity Board Mahavitara Android Application 8.20 and prior is vulnerable to remote account takeover due to OTP fixation vulnerability in password rest function"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://maharashtra.com",
"refsource": "MISC",
"url": "http://maharashtra.com"
},
{
"name": "https://cvewalkthrough.com/cve-2021-41716-mahavitaran-android-application-account-take-over-via-otp-fixation/",
"refsource": "MISC",
"url": "https://cvewalkthrough.com/cve-2021-41716-mahavitaran-android-application-account-take-over-via-otp-fixation/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-41716",
"datePublished": "2021-12-07T18:37:35",
"dateReserved": "2021-09-27T00:00:00",
"dateUpdated": "2024-08-04T03:15:29.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27413 (GCVE-0-2020-27413)
Vulnerability from cvelistv5 – Published: 2021-12-07 13:35 – Updated: 2024-08-04 16:18
VLAI?
Summary
An issue was discovered in Mahavitaran android application 7.50 and below, allows local attackers to read cleartext username and password while the user is logged into the application.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:18:43.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://maharashtra.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mahavitaran.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=com.msedcl.app\u0026utm_source=APKdownloadMirror.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cvewalkthrough.com/cve-2020-27413-mahavitaran-android-application-clear-text-password-storage/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Mahavitaran android application 7.50 and below, allows local attackers to read cleartext username and password while the user is logged into the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-07T13:35:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://maharashtra.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mahavitaran.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://play.google.com/store/apps/details?id=com.msedcl.app\u0026utm_source=APKdownloadMirror.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cvewalkthrough.com/cve-2020-27413-mahavitaran-android-application-clear-text-password-storage/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-27413",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Mahavitaran android application 7.50 and below, allows local attackers to read cleartext username and password while the user is logged into the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://maharashtra.com",
"refsource": "MISC",
"url": "http://maharashtra.com"
},
{
"name": "http://mahavitaran.com",
"refsource": "MISC",
"url": "http://mahavitaran.com"
},
{
"name": "https://play.google.com/store/apps/details?id=com.msedcl.app\u0026utm_source=APKdownloadMirror.com",
"refsource": "MISC",
"url": "https://play.google.com/store/apps/details?id=com.msedcl.app\u0026utm_source=APKdownloadMirror.com"
},
{
"name": "https://cvewalkthrough.com/cve-2020-27413-mahavitaran-android-application-clear-text-password-storage/",
"refsource": "MISC",
"url": "https://cvewalkthrough.com/cve-2020-27413-mahavitaran-android-application-clear-text-password-storage/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-27413",
"datePublished": "2021-12-07T13:35:24",
"dateReserved": "2020-10-21T00:00:00",
"dateUpdated": "2024-08-04T16:18:43.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27414 (GCVE-0-2020-27414)
Vulnerability from cvelistv5 – Published: 2021-12-02 03:08 – Updated: 2024-08-04 16:18
VLAI?
Summary
Mahavitaran android application 7.50 and prior transmit sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header, MITM or browser history.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:18:43.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cvewalkthrough.com/cve-2020-27414-mahavitaran-android-application-insecure-communication-of-sensitive-dat/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mahavitaran android application 7.50 and prior transmit sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header, MITM or browser history."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-02T03:08:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cvewalkthrough.com/cve-2020-27414-mahavitaran-android-application-insecure-communication-of-sensitive-dat/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-27414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mahavitaran android application 7.50 and prior transmit sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header, MITM or browser history."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cvewalkthrough.com/cve-2020-27414-mahavitaran-android-application-insecure-communication-of-sensitive-dat/",
"refsource": "MISC",
"url": "https://cvewalkthrough.com/cve-2020-27414-mahavitaran-android-application-insecure-communication-of-sensitive-dat/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-27414",
"datePublished": "2021-12-02T03:08:13",
"dateReserved": "2020-10-21T00:00:00",
"dateUpdated": "2024-08-04T16:18:43.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}