CVE-2020-8988

Name of the Vulnerable Software and Affected Versions Voatz application 2020-01-01 for Android

Description The issue allows attackers to discover login credentials and voting history via an offline brute-force approach after gaining root access and making a copy of the local database. This is due to the application only allowing 100 million different PINs.

Recommendations For Voatz application 2020-01-01 for Android, consider implementing additional security measures to protect against brute-force attacks, such as limiting the number of login attempts or using more secure authentication methods. As a temporary workaround, restrict access to the local database to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.