CVE-2021-41716

Опубликовано: 07 дек. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Maharashtra State Electricity Board Mahavitara Android Application 8.20 and prior is vulnerable to remote account takeover due to OTP fixation vulnerability in password rest function

Ссылки

http://maharashtra.com
Not Applicable
https://cvewalkthrough.com/cve-2021-41716-mahavitaran-android-application-account-take-over-via-otp-fixation/
Exploit
Third Party Advisory
http://maharashtra.com
Not Applicable
https://cvewalkthrough.com/cve-2021-41716-mahavitaran-android-application-account-take-over-via-otp-fixation/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mahadiscom:mahavitaran:*:*:*:*:*:android:*:*

Версия до 7.50 (включая)

EPSS

Процентиль: 58%

0.00364

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-mg6c-xr2j-v4fv

github

около 4 лет назад