Description
An issue was discovered in Mahavitaran android application 7.50 and below, allows local attackers to read cleartext username and password while the user is logged into the application.
References (4)
Core 4
Core References
Broken Link, Vendor Advisory x_refsource_misc
http://maharashtra.com
Vendor Advisory x_refsource_misc
http://mahavitaran.com
Third Party Advisory x_refsource_misc
https://play.google.com/store/apps/details?id=com.msedcl.app&utm_source=APKdownloadMirror.com
Third Party Advisory x_refsource_misc
https://cvewalkthrough.com/cve-2020-27413-mahavitaran-android-application-clear-text-password-storage/
Scores
CVSS v3
4.2
EPSS
0.0032
EPSS Percentile
23.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-522
Status
published
Products (1)
mahadiscom/mahavitaran
< 7.50
Published
Dec 07, 2021
Tracked Since
Feb 18, 2026