CVE-2025-56608
BaseFortify
Publication date: 2025-09-03
Last updated on: 2025-09-08
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| donbermoy | android_corona_virus_tracker_app_for_india | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-290 | This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists because the Corona Virus Tracker App India 1.0 uses the MD5 cryptographic algorithm for digest authentication, which is broken and susceptible to hash collisions. Specifically, the app's handleDigest() function uses MD5 to hash credentials, making the authentication process vulnerable to replay, spoofing, or brute-force attacks. This means attackers could potentially gain unauthorized access by exploiting weaknesses in MD5.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access to the application by allowing attackers to bypass authentication through replay, spoofing, or brute-force attacks. This compromises the security of user data and the integrity of the application, potentially exposing sensitive information or allowing malicious actions within the app.