Enviar #598122: Airtel (Bharti Airtel Limited) Airtel Thanks App 4.105.4 Insecure Local Storage (OWASP Mobile Top 10: M2, M5)información

TítuloAirtel (Bharti Airtel Limited) Airtel Thanks App 4.105.4 Insecure Local Storage (OWASP Mobile Top 10: M2, M5)
DescripciónThe Airtel Android app stores sensitive user data such as payment history, personally identifiable information (PII), and authentication-related tokens in unencrypted local storage. These files are accessible in plaintext format at `/Android/data/com.myairtelapp/files/`, violating OWASP Mobile Top 10 standards. This makes the data easily extractable via physical access, ADB, or malicious apps with basic storage permissions. The issue exposes: - Payment transaction logs - Linked mobile numbers - User personal info - Login or auth-related metadata Impact: A malicious actor with device access or minimal permissions can extract and misuse sensitive Airtel user data.
Fuente⚠️ https://github.com/honestcorrupt/-CVE-Proof-of-Concept-Airtel-Android-App-Insecure-Local-Storage-of-Sensitive-Data
Usuario
 honest_corrupt (UID 85229)
Sumisión2025-06-17 07:02 (hace 12 meses)
Moderación2025-06-26 22:02 (10 days later)
EstadoAceptado
Entrada de VulDB314046 [Bharti Airtel Thanks App 4.105.4 en Android files divulgación de información]
Puntos20

AnteriorVisión De ConjuntoPróximo

Want to know what is going to be exploited?

We predict KEV entries!