CVE-2021-41719
Published: 04 March 2025
Description
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Security Summary
CVE-2021-41719 is a sensitive information exposure vulnerability in the Maharashtra State Electricity Distribution Company Limited (MSEDCL) Mahavitran iOS Application up to version 16.1. The application sends sensitive data, such as user account names and passwords, as query-string parameters of HTTP GET requests. Because URLs are recorded in browser history, forwarded in Referer headers, and written to web server logs and other sources, the credentials are exposed to anyone with access to those records. The weakness is classified as CWE-598 (Use of GET Request Method With Sensitive Query Strings) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Any unauthenticated attacker with network access can exploit this vulnerability with low complexity and no user interaction required. By monitoring network traffic, accessing server logs, or leveraging browser-related artifacts, they can capture transmitted credentials, enabling unauthorized access to affected user accounts and potential account takeover.
Mitigation details are available in the referenced advisory at https://cvewalkthrough.com/cve-2021-41719-mseb-ios-application-sensitive-information-exposure/.
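The following is an added example (not part of the CVE record, the advisory, or the vendor's application) showing the defender's side of the weakness described above: a small log-review routine that flags requests whose URL query string (or Referer header) carries credential-like parameters, and a redaction helper that scrubs those values before logs are retained. The access-log lines, hostnames, endpoint paths and parameter names are constructed for illustration and do not come from the affected application.

```python
"""Detect and redact credentials leaked in GET query strings (CWE-598).

Added example, not part of the CVE record. Everything below (log lines,
paths, parameter names) is constructed for illustration.
"""
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Parameter names that must never travel in a URL. Account names are included
# because the advisory treats them, together with passwords, as sensitive.
SENSITIVE_PARAMS = {
    "username", "user", "password", "passwd", "pwd", "pass", "pin", "otp",
    "token", "access_token", "secret", "api_key", "apikey",
}

# Combined Log Format:
#   host ident user [time] "METHOD target HTTP/x" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\S+)(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?'
)

# Constructed sample log. The first line shows the vulnerable pattern (credentials
# in the query string of a GET); the second shows the hardened form of the same
# login, where the credentials travel in the POST body and never reach the log.
SAMPLE_LOG = [
    '203.0.113.7 - - [04/Mar/2025:10:15:02 +0000] "GET /api/login?username=alice&password=Hunter2 HTTP/1.1" 200 512 "-" "ExampleApp/1.0"',
    '203.0.113.7 - - [04/Mar/2025:10:15:30 +0000] "POST /api/login HTTP/1.1" 200 512 "-" "ExampleApp/1.0"',
    # A later request whose Referer header still carries the earlier leaked URL.
    '203.0.113.7 - - [04/Mar/2025:10:16:01 +0000] "GET /api/profile HTTP/1.1" 200 2048 "https://example.invalid/api/login?username=alice&password=Hunter2" "ExampleApp/1.0"',
    # Ordinary, non-sensitive query parameters.
    '198.51.100.4 - - [04/Mar/2025:10:17:11 +0000] "GET /api/bills?consumer=12345&page=2 HTTP/1.1" 200 1024 "-" "ExampleApp/1.0"',
]


def sensitive_query_params(target):
    """Return the sorted names of sensitive parameters in a URL's query string."""
    query = urlsplit(target).query
    return sorted({k for k, _ in parse_qsl(query, keep_blank_values=True)
                   if k.lower() in SENSITIVE_PARAMS})


def parse_log_line(line):
    """Parse one Combined Log Format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_leaks(lines):
    """Return (time, source, path, leaked_params) for every request that exposes
    sensitive parameters, either in its own URL or in the Referer it forwards."""
    findings = []
    for line in lines:
        rec = parse_log_line(line)
        if rec is None:
            continue
        leaked = sensitive_query_params(rec["target"])
        if leaked:
            findings.append((rec["time"], rec["method"], urlsplit(rec["target"]).path, leaked))
        # The Referer header re-sends the previous URL, so a leaked query string
        # propagates to every page requested afterwards.
        ref = rec.get("referer")
        if ref and ref != "-":
            ref_leaked = sensitive_query_params(ref)
            if ref_leaked:
                findings.append((rec["time"], "REFERER", urlsplit(ref).path, ref_leaked))
    return findings


def redact_target(target):
    """Replace the values of sensitive query parameters with a fixed marker so the
    URL can be logged or stored without retaining the credential itself."""
    parts = urlsplit(target)
    pairs = [(k, "REDACTED" if k.lower() in SENSITIVE_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


if __name__ == "__main__":
    for time, source, path, params in find_leaks(SAMPLE_LOG):
        print(f"{time} {source:8} {path} leaks {', '.join(params)}")
    print(redact_target("/api/login?username=alice&password=Hunter2"))
```

Running the block reports two findings for the constructed log: the GET login itself and the later profile request whose Referer repeats the same URL. The POST login produces no finding, which is the point of moving credentials out of the URL: the access log, browser history and Referer headers only ever see `/api/login`. The redaction helper is the complementary control on the server side, for the period between discovering such a leak and rotating the exposed credentials.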
Details
- CWE(s): CWE-598 (Use of GET Request Method With Sensitive Query Strings)
- MITRE ATT&CK Enterprise Techniques: T1040 (Network Sniffing), T1552.001 (Unsecured Credentials: Credentials In Files)
Why these techniques?
The vulnerability exposes credentials via GET requests in network traffic, server logs, and browser artifacts, which directly enables network sniffing (T1040) and access to unsecured credentials in files (T1552.001).