| Title | Airtel (Bharti Airtel Limited) Airtel Thanks App 4.105.4 Insecure Local Storage (OWASP Mobile Top 10: M2, M5) |
|---|
| Description | The Airtel Android app stores sensitive user data such as payment history, personally identifiable information (PII), and authentication-related tokens in unencrypted local storage. These files are accessible in plaintext format at `/Android/data/com.myairtelapp/files/`, violating OWASP Mobile Top 10 standards. This makes the data easily extractable via physical access, ADB, or malicious apps with basic storage permissions.
The issue exposes:
- Payment transaction logs
- Linked mobile numbers
- User personal info
- Login or auth-related metadata
Impact: A malicious actor with device access or minimal permissions can extract and misuse sensitive Airtel user data.
|
|---|
| Source | ⚠️ https://github.com/honestcorrupt/-CVE-Proof-of-Concept-Airtel-Android-App-Insecure-Local-Storage-of-Sensitive-Data |
|---|
| User | honest_corrupt (UID 85229) |
|---|
| Submitted | 2025-06-17 07:02 AM (12 months ago) |
|---|
| Moderation | 2025-06-26 10:02 PM (10 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 314046 [Bharti Airtel Thanks App 4.105.4 on Android files information disclosure] |
|---|
| Points | 20 |
|---|