PT-2021-14465 · Unknown · Mifos-Mobile

Published: 2021-03-24 · Updated: 2021-03-30 · CVE-2021-21385

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Mifos-Mobile versions before commit e505f62

Description
The Mifos-Mobile Android application for MifosX disables HTTPS hostname verification in its HTTP client and accepts any certificate, including self-signed ones, as valid. This lack of verification can allow man-in-the-middle attacks, since the client never ensures that the presented certificate is valid for the host it is connecting to. This improper handling of HTTPS connections compromises the security of the application's traffic.

Recommendations
For versions before commit e505f62, update to a version that includes the fix commit e505f62. As a temporary workaround, consider restricting use of the application on unsecured networks to minimize the risk of exploitation.
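The misconfiguration the description refers to, shown as an added illustration rather than code taken from the Mifos-Mobile repository: an OkHttp client built with a trust-all X509TrustManager and an accept-all HostnameVerifier, beside the hardened form that keeps the platform trust store and OkHttp's default hostname verification. The class and method names are assumptions made for this example.

```java
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;

/** Illustrative only (assumed names); not code from the Mifos-Mobile project. */
public final class TlsClientConfig {

    /**
     * INSECURE: the pattern the advisory describes (CWE-295, Improper
     * Certificate Validation). Every certificate chain is accepted and the
     * hostname check always succeeds, so any certificate, for any host,
     * self-signed or not, terminates the "HTTPS" connection successfully.
     */
    public static OkHttpClient insecureClient() throws GeneralSecurityException {
        // Trust manager that never throws: chain validation is effectively disabled.
        X509TrustManager trustAll = new X509TrustManager() {
            @Override public void checkClientTrusted(X509Certificate[] chain, String authType) { }
            @Override public void checkServerTrusted(X509Certificate[] chain, String authType) { }
            @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { trustAll }, null);
        SSLSocketFactory factory = ctx.getSocketFactory();

        // Hostname verifier that answers "yes" for any host: a certificate
        // issued for some unrelated name is accepted for the API host.
        HostnameVerifier acceptAny = (hostname, session) -> true;

        return new OkHttpClient.Builder()
                .sslSocketFactory(factory, trustAll)
                .hostnameVerifier(acceptAny)
                .build();
    }

    /**
     * SECURE: do not override the socket factory or hostname verifier.
     * OkHttp then validates the chain against the Android trust store and
     * checks that the certificate matches the requested hostname.
     */
    public static OkHttpClient secureClient() {
        return new OkHttpClient.Builder().build();
    }
}
```

The fix is the absence of code: removing the custom trust manager and hostname verifier restores the default checks. If a development server with a self-signed certificate must be reachable, the supported route on Android is a network security configuration that adds that specific certificate as a trust anchor, scoped to debug builds, rather than a client that trusts everything. A code review or static check that flags any `X509TrustManager` whose `checkServerTrusted` body is empty, or any `HostnameVerifier` that returns `true` unconditionally, catches this class of bug before release.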

Fix
Commit e505f62

Weakness Enumeration
Improper Certificate Validation

Related Identifiers

CVE-2021-21385
GHSA-9657-33WF-RMVX

Affected Products

Mifos-Mobile