CVE-2018-11242 - An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stor

CVE-2018-11242

Summary

An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files.

References

Vulnerable Configurations

cpe:2.3:a:makemytrip:makemytrip:7.2.4:*:*:*:*:android:*:*
cpe:2.3:a:makemytrip:makemytrip:7.2.4:*:*:*:*:android:*:*

CVSS

Base:	4.0 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

CWE-312

CAPEC

Retrieve Embedded Sensitive Data
An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:S/C:P/I:N/A:N

refmap via4

exploit-db	44690
misc	https://gist.github.com/NinjaXshell/ba0aeee4b77b4bdea76d0c0c095d53b1

Last major update

03-10-2019 - 00:03

Published

20-05-2018 - 14:29

Last modified

03-10-2019 - 00:03