Indian Computer Emergency Response Team (CERT-In) has reported ‘high’ severity security flaws within two government apps -- USB Pratirodh and AppSamvid. According to the report, the vulnerabilities found within these two apps can allow hackers to take control of the applications and also execute arbitrary code.
It is important to note that these two apps are aimed at improving device security and preventing cyber attacks on users' devices.
Also, both the apps have been developed by the IT Ministry's Centre for Development and Advanced Computing (C-DAC).
Also, if you are unaware, CERT-In is a government body that monitors security flaws, bugs and issues with apps and software available across different platforms including Mac, Windows, Android, iOS, Linux, etc. and reports them along with the probable cause and solution.
As per the report, the security flaws have been found within the USB Pratirodh version 3.1.2 and prior and AppSamvid version 2.0.1 or older.
Security flaws found in AppSamvid app
CERT-In has reported that two critical vulnerabilities have been found in AppSamvid that could potentially allow attackers to gain unauthorised access and control. The first (CVE-2024-25102) is a sensitive information exposure vulnerability caused by the use of the weaker SHA1 cryptographic algorithm, enabling attackers with local administrative privileges to obtain user passwords.
The second (CVE-2024-25103) is a DLL hijacking vulnerability arising from the use of vulnerable and outdated components, allowing attackers to execute arbitrary code on targeted systems.
These vulnerabilities pose serious risks to the security and integrity of systems running AppSamvid software.
Security flaws found in USB Pratirodh app
The USB Pratirodh app has one security flaw that, according to the report, can allow local attackers to take control of the app and also modify the access control of registered users or devices on which the app is installed.
The security flaw could be due to the use of a weaker cryptographic hash algorithm, SHA1, in the user login component.
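Both the AppSamvid information-exposure flaw and the USB Pratirodh flaw are attributed to SHA1 in password handling. The following is an added example, not code from either app or from CERT-In: it contrasts an unsalted SHA-1 password record with a salted PBKDF2 record. The function names, iteration count and sample password are assumptions, since the report does not describe how the apps store credentials.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample password, not taken from either application.
SAMPLE_PASSWORD = "Example-Passw0rd!"

SALT_LEN = 16
PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to the hardware in use


def weak_sha1_record(password: str) -> str:
    """Weak pattern: one unsalted SHA-1 pass. Fast to compute, and identical
    passwords always produce identical records, so anyone who can read the
    stored value can test guesses or use precomputed tables."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def strong_record(password: str, salt: Optional[bytes] = None) -> bytes:
    """Hardened pattern: random per-user salt plus a deliberately slow KDF.
    Returns salt || derived key."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    key = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt + key


def verify_strong(password: str, record: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = record[:SALT_LEN], record[SALT_LEN:]
    candidate = strong_record(password, salt)[SALT_LEN:]
    return hmac.compare_digest(candidate, expected)


def same_password_collides() -> dict:
    """Two users choosing the same password: do their stored records match?"""
    return {
        "sha1": weak_sha1_record(SAMPLE_PASSWORD) == weak_sha1_record(SAMPLE_PASSWORD),
        "pbkdf2": strong_record(SAMPLE_PASSWORD) == strong_record(SAMPLE_PASSWORD),
    }


if __name__ == "__main__":
    print(same_password_collides())
```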
What users can do
The government body has advised users to download and install the latest versions of these apps from the respective app stores -- Play Store for Android and App Store for iPhones and iPads.
That said, updates for both the apps are already available. So, you can upgrade to AppSamvid version 2.0.2 or later and USB Pratirodh version 3.1.3 or later to stay protected from the mentioned security flaws within these apps.