Maharashtra State Electricity Distribution Company Limited Mahavitran iOS Application Sensitive Information Exposure Vulnerability
Vulnerability
A vulnerability exists in the Maharashtra State Electricity Distribution Company Limited (MSEB) iOS application, all versions through 16.1. The application improperly uses the GET method to transmit sensitive user information, including account names and passwords. Because GET parameters are carried in the request URL, the credentials can be exposed through channels such as browser history, web server logs, referrer headers, and network interception.
Impact
Exploitation of this vulnerability exposes sensitive user credentials in plaintext, creating a risk of unauthorized access to user accounts.
Reproduction
To reproduce this vulnerability, install Burp Suite to monitor network traffic. Then, open the MSEB iOS application and attempt to log in. Burp Suite will capture the GET request containing the password, revealing the login credentials in plaintext.
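The web server log exposure described above can be checked from the defender's side. The following is an added example, not code from the advisory or from the application: it scans access log lines for GET requests whose query string carries a credential parameter and returns the line with the value redacted. The parameter names, host, paths and log lines are assumptions constructed for illustration, since the advisory does not list the application's actual parameters.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Assumed parameter names; the advisory does not list the app's actual ones.
SENSITIVE_KEYS = {"password", "passwd", "pwd", "pass", "pin", "otp", "token"}

# Request line inside a Common/Combined Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')


def redact_target(target):
    """Return (redacted_target, sorted list of sensitive keys found in the query)."""
    parts = urlsplit(target)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    hits = sorted({k for k, _ in pairs if k.lower() in SENSITIVE_KEYS})
    if not hits:
        return target, []
    cleaned = [(k, "REDACTED" if k.lower() in SENSITIVE_KEYS else v) for k, v in pairs]
    return parts._replace(query=urlencode(cleaned)).geturl(), hits


def scan_log(lines):
    """Yield (line_no, keys, redacted_line) for each GET carrying a sensitive key."""
    for no, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m or m.group("method") != "GET":
            continue  # POST bodies are not written to the access log request line
        redacted, hits = redact_target(m.group("target"))
        if hits:
            yield no, hits, line[:m.start("target")] + redacted + line[m.end("target"):]


# Constructed sample log lines (hypothetical host, paths and values).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /api/login?user=alice&password=S3cret%21 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "POST /api/login HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "GET /api/bill?consumer=1234 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for no, keys, redacted in scan_log(SAMPLE_LOG):
        print(f"line {no}: credential parameter(s) {keys} in URL -> {redacted}")
```

A hit in the logs means the credential has already been written to disk in plaintext, so the affected logs need scrubbing and the account's password should be treated as exposed.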
