| Titel | PhonePe Private Limited PhonePe Android App 25.03.21.0 Information Disclosure |
|---|
| Beschreibung | The PhonePe Android app (v25.03.21.0) stores authentication tokens, KYC metadata, and personally identifiable information (PII) in plaintext within local SQLite databases. Attackers with root access can extract this data and use it to access user accounts via production APIs. This results in account takeover and identity theft.
|
|---|
| Quelle | ⚠️ https://github.com/honestcorrupt/-Insecure-Local-Storage-of-Sensitive-User-Data-in-PhonePe-Android-App-Unpatched- |
|---|
| Benutzer | honest_corrupt (UID 85229) |
|---|
| Einreichung | 13.05.2025 09:27 (vor 11 Monaten) |
|---|
| Moderieren | 25.05.2025 00:21 (12 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 310242 [PhonePe App 25.03.21.0 auf Android SQLite Database databases Information Disclosure] |
|---|
| Punkte | 18 |
|---|