Android Application MakeMyTrip 7.2.4 - Unencrypted Database Files

vendor:

MakeMyTrip

by:

Divya Jain

6.5

CVSS

MEDIUM

Unencrypted Database Files

311

CWE

Product Name: MakeMyTrip

Affected Version From: 7.2.2004

Affected Version To: 7.2.2004

Patch Exists: YES

Related CWE: CVE-2018-11242

CPE: a:makemytrip:makemytrip:7.2.4

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Android v5.1

2018

Android Application MakeMyTrip 7.2.4 – Unencrypted Database Files

Android application folder was found to contain SQLite database files in the following subdirectory data/com.makemytrip/Cache and data/com.makemytrip/databses. This directory is used to store the application’s databases. The confidential information can be retrieved from the SQLite databases and stored in cleartext. As an impact it is known to affect confidentiality, integrity, and availability. The successful exploitation needs a single authentication and filesystem can be accessed, after rooting an android device. After accessing the directories below /data/com.makemytrip/databases/ and /data/com.makemytrip/cache/, above directories can be seen with unencrypted version of database files stored in the device which can further lead to sensitive information disclosure.

Mitigation:

Encrypt the database files and ensure that the application is not storing any sensitive information in cleartext.

Source

Exploit-DB raw data:

# Exploit Title: Android Application MakeMyTrip 7.2.4 - Unencrypted Database Files
# Date: 2018-05-21
# Software Link: MakeMyTrip v7.2.4 Android Application 
# Exploit Author: Divya Jain
# Version: 7.2.4 Android App
# CVE: CVE-2018-11242
# Category: Mobileapps
# Tested on: Android v5.1

# 1. Description
# Android application folder was found to contain SQLite database files in the following subdirectory
# data/com.makemytrip/Cache and data/com.makemytrip/databses. This directory is used to store the application’s databases. 
# The confidential information can be retrieved from the SQLite databases and stored in cleartext.  
# As an impact it is known to affect confidentiality, integrity, and availability.

# 2. Proof-of-Concept
# The successful exploitation needs a single authentication and filesystem can be accessed, after rooting an android device.
# After accessing the directories below

/data/com.makemytrip/databases/
/data/com.makemytrip/cache/

# Above directories can be seen with unencrypted version of database files stored in the device
# which can further lead to sensitive information disclosure.