PT-2018-10420 · Makemytrip · Makemytrip

Divya Jain

Published

2018-05-20

Updated

2019-10-03

CVE-2018-11242

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions MakeMyTrip version 7.2.4

Description An issue in the application allows for sensitive information disclosure due to the lack of encryption of locally stored databases. The databases contain cleartext data, which can be accessed through specific files, such as data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files.

Recommendations For version 7.2.4, consider encrypting the locally stored databases to prevent sensitive information disclosure. As a temporary workaround, restrict access to the data/com.makemytrip/databases and data/com.makemytrip/Cache directories to minimize the risk of exploitation.

Exploit

Fix

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-312

Related Identifiers

CVE-2018-11242

Affected Products

Makemytrip

PT-2018-10420 · Makemytrip · Makemytrip

CVE-2018-11242

Weakness Enumeration

Related Identifiers

Affected Products

References · 4