PT-2025-9706 · Maharashtra State Electricity Distribution Company Limited · Maharashtra State Electricity Distribution Company Limited Mahavitran Ios Application

Tejas Nitin Pingulkar · Published 2025-03-04 · Updated 2025-03-21 · CVE-2021-41719

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Maharashtra State Electricity Distribution Company Limited Mahavitran IOS Application version 16.1

Description

The Maharashtra State Electricity Distribution Company Limited Mahavitran IOS Application uses the GET method to process requests containing sensitive information, such as the user account name and password. Because GET parameters travel in the URL, this can expose the sensitive information through the browser's history, referrers, web logs, and other sources.

Recommendations

For version 16.1, consider modifying the application to use a more secure method, such as the POST method, to process requests containing sensitive information, and ensure that sensitive data such as the user account name and password are properly encrypted and protected. As a temporary workaround, restrict access to the application's history and referrers to minimize the risk of sensitive information exposure.


Related Identifiers

CVE-2021-41719

Affected Products

Maharashtra State Electricity Distribution Company Limited Mahavitran Ios Application