An issue was discovered in UTI Mutual fund Android application 5.4.18 and prior, allows attackers to brute force enumeration of usernames determined by the error message returned after invalid credentials are attempted.
References
Link | Resource |
---|---|
https://cvewalkthrough.com/cve-2020-35398-uti-mutual-fund-android-application-username-enumeration/ | Exploit Third Party Advisory |
https://play.google.com/store/apps/details?id=com.utimutualfunds.utimutualfund&hl=en_IN&gl=US | Product Third Party Advisory |
https://cvewalkthrough.com/cve-2020-35398-uti-mutual-fund-android-application-username-enumeration/ | Exploit Third Party Advisory |
https://play.google.com/store/apps/details?id=com.utimutualfunds.utimutualfund&hl=en_IN&gl=US | Product Third Party Advisory |
Configurations
History
21 Nov 2024, 05:27
Type | Values Removed | Values Added |
---|---|---|
References | () https://cvewalkthrough.com/cve-2020-35398-uti-mutual-fund-android-application-username-enumeration/ - Exploit, Third Party Advisory | |
References | () https://play.google.com/store/apps/details?id=com.utimutualfunds.utimutualfund&hl=en_IN&gl=US - Product, Third Party Advisory |
29 Dec 2021, 19:03
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-203 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
CPE | cpe:2.3:a:utimf:uti_mutual_fund_invest_online:*:*:*:*:*:android:*:* | |
References | (MISC) https://play.google.com/store/apps/details?id=com.utimutualfunds.utimutualfund&hl=en_IN&gl=US - Product, Third Party Advisory | |
References | (MISC) https://cvewalkthrough.com/cve-2020-35398-uti-mutual-fund-android-application-username-enumeration/ - Exploit, Third Party Advisory |
23 Dec 2021, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-12-23 22:15
Updated : 2024-11-21 05:27
NVD link : CVE-2020-35398
Mitre link : CVE-2020-35398
CVE.ORG link : CVE-2020-35398
JSON object : View
Products Affected
utimf
- uti_mutual_fund_invest_online
CWE
CWE-203
Observable Discrepancy