CVE-2020-27413

MEDIUM

Mahavitaran <7.50 - Info Disclosure

Title source: llm

Description

An issue was discovered in Mahavitaran android application 7.50 and below, allows local attackers to read cleartext username and password while the user is logged into the application.

References (4)

[Broken Link, Vendor Advisory] http://maharashtra.com

[Vendor Advisory] http://mahavitaran.com

[Third Party Advisory] https://cvewalkthrough.com/cve-2020-27413-mahavitaran-android-application-clear-text-password-storage/

[Third Party Advisory] https://play.google.com/store/apps/details?id=com.msedcl.app&utm_source=APKdownloadMirror.com

Scores

CVSS v3 4.2

EPSS 0.0006

EPSS Percentile 18.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522

Status published

Affected Products (1)

mahadiscom/mahavitaran < 7.50

Timeline

Published Dec 07, 2021

Tracked Since Feb 18, 2026