Fixing FLW App VAPT vulnerabilities reported in App Security Audit report


    • Type: Epic
    • Resolution: Unresolved
    • Priority: High
    • Affects Version/s: None
    • VAPT vulnerabilities

      The FLW (Sakhi 2.0/Utprerona 2.0) mobile app underwent security audit testing using Vulnerability Assessment & Penetration Testing (VAPT) by CODEC Networks.

      Below are the vulnerabilities reported in the security audit:
      1. Vulnerabilities related to the Android app (FLW App):

      • Sensitive User Information available inside Unencrypted Shared Preferences
      • Extraneous Functionality
      • Improper Platform Usage - Debuggable: ClearText Traffic
      • Sensitive Information Data
      • Task Switching
      • Copy Paste Buffer
      • Lack of code obfuscation
      • APP runs on Rooted Device

      2. Vulnerabilities related to the backend (AMRIT):

      • Swagger API Disclosure
      • Improper Session Management
      • CORS

      Note: The vulnerability report is attached.

              Assignee: Nikhil Ananda Fegade
              Reporter: Madhava Ramu N