Cert-In warns of critical security flaw in these two government apps

Share via:



India Computer Emergency Response Team (CERT-In) has reported ‘high’ severity security flaws within two government appsUSB Pratirodh and AppSamvid. According to the report, the vulnerabilities found within these two apps can allow hackers to take control of the applications and also execute arbitrary code.
It is important to note that these two apps are aimed at improving device security and preventing cyber attacks on users’ devices.Also, both the apps have been developed by
Affected versions are the IT Ministry’s Centre for Development and Advanced Computing (C-DAC).
Also, if you are unaware, CERT-in is a government body that monitors security flaws, bugs and issues with apps and softwares available across different platforms including Mac, Windows, Android, iOS, Linux, etc and reports them along with the probable cause and solution.
As per the report, the security flaws have been found within the USB Pratirodh version 3.1.2 and prior and AppSamvid version 2.0.1 or older.
Security flaws found in AppSamvid app
CERT-In has reported that two critical vulnerabilities have been found in AppSamvid that could potentially allow attackers to gain unauthorised access and control. The first (CVE-2024-25102) is a sensitive information exposure vulnerability caused by the use of the weaker SHA1 cryptographic algorithm, enabling attackers with local administrative privileges to obtain user passwords.
The second (CVE-2024-25103) is a DLL hijacking vulnerability arising from the use of vulnerable and outdated components, allowing attackers to execute arbitrary code on targeted systems.
These vulnerabilities pose serious risks to the security and integrity of systems running AppSamvid software.
Security flaws found in USB Pratirodh app
USB Pratirodh app has one security flaw that, according to the report, can allow local attackers to take control of the app and also modify the access control of registered users or devices on which the app is installed.
The reason behind the security flaw could be due to the usage of a weaker cryptographic algorithm (hash) SHA1 in the user login component.
What users can do
The government body has advised users to download and install the latest versions of these apps from the respective app stores — Play Store for Andoid and App Store for iPhone and iPads.
That said, updates for both the apps are already available. So, you can download the Upgrade to AppSamvid version 2.0.2 or later and USB Pratirodh version 3.1.3 or later to stay protected from the mentioned security flaws within these apps.





Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Popular

More Like this

Cert-In warns of critical security flaw in these two government apps



India Computer Emergency Response Team (CERT-In) has reported ‘high’ severity security flaws within two government appsUSB Pratirodh and AppSamvid. According to the report, the vulnerabilities found within these two apps can allow hackers to take control of the applications and also execute arbitrary code.
It is important to note that these two apps are aimed at improving device security and preventing cyber attacks on users’ devices.Also, both the apps have been developed by
Affected versions are the IT Ministry’s Centre for Development and Advanced Computing (C-DAC).
Also, if you are unaware, CERT-in is a government body that monitors security flaws, bugs and issues with apps and softwares available across different platforms including Mac, Windows, Android, iOS, Linux, etc and reports them along with the probable cause and solution.
As per the report, the security flaws have been found within the USB Pratirodh version 3.1.2 and prior and AppSamvid version 2.0.1 or older.
Security flaws found in AppSamvid app
CERT-In has reported that two critical vulnerabilities have been found in AppSamvid that could potentially allow attackers to gain unauthorised access and control. The first (CVE-2024-25102) is a sensitive information exposure vulnerability caused by the use of the weaker SHA1 cryptographic algorithm, enabling attackers with local administrative privileges to obtain user passwords.
The second (CVE-2024-25103) is a DLL hijacking vulnerability arising from the use of vulnerable and outdated components, allowing attackers to execute arbitrary code on targeted systems.
These vulnerabilities pose serious risks to the security and integrity of systems running AppSamvid software.
Security flaws found in USB Pratirodh app
USB Pratirodh app has one security flaw that, according to the report, can allow local attackers to take control of the app and also modify the access control of registered users or devices on which the app is installed.
The reason behind the security flaw could be due to the usage of a weaker cryptographic algorithm (hash) SHA1 in the user login component.
What users can do
The government body has advised users to download and install the latest versions of these apps from the respective app stores — Play Store for Andoid and App Store for iPhone and iPads.
That said, updates for both the apps are already available. So, you can download the Upgrade to AppSamvid version 2.0.2 or later and USB Pratirodh version 3.1.3 or later to stay protected from the mentioned security flaws within these apps.





Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at office@startupnews.fyi

More like this

Montenegro court rejects Do Kwon’s extradition appeal

Montenegro’s Constitutional Court rejected Do Kwon’s appeal, backing...

Deeptech Startup Proxgy Ropes In Ajinkya Rahane As Investor

SUMMARY Delhi NCR-based deeptech startup Proxgy has secured fresh...

IPO-Bound IndiQube’s Loss Widens 72% To INR 341.5 Cr...

SUMMARY The coworking space provider's operating revenue jumped 44%...

Popular

Upcoming Events

Startup Information that matters. Get in your inbox Daily!