IITB SSO Android App Backup Misconfiguration Vulnerability Allowing Data Access
Vulnerability
A vulnerability in the IITB SSO Android App version 1.1.0 has been identified, stemming from a misconfiguration that allows unauthorized access to sensitive application data. The issue arises because the app's AndroidManifest.xml file includes 'android:allowBackup="true"', which exposes the application's internal storage through the Android Debug Bridge (ADB). Exploitation does not require root access: an attacker with physical access to the device and USB debugging enabled can extract sensitive information such as authentication tokens, user session data, and configuration files, potentially leading to account compromise and privacy violations.
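The check below is an added example, not code from the advisory or the IITB SSO project: it audits a decoded AndroidManifest.xml for the backup settings this advisory describes, using two constructed sample manifests (the weak one and its corrected form) that stand in for the real app's manifest. It also reports the related caveat that allowBackup defaults to true when absent, and that on Android 12 and later adb backup additionally requires android:debuggable="true".

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifests (not the real IITB SSO manifest), as apktool
# would decode them. The first carries the weak setting from the advisory.
WEAK_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="example.sso.app">
  <application android:label="SSO" android:allowBackup="true"/>
</manifest>"""

# Corrected form: backups disabled, so `adb backup` yields no app data.
FIXED_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="example.sso.app">
  <application android:label="SSO" android:allowBackup="false"/>
</manifest>"""


def audit_backup_config(manifest_xml: str) -> dict:
    """Return the backup-related settings found in a decoded manifest.

    allowBackup defaults to true when the attribute is absent, so a missing
    attribute is treated as enabled. On Android 12+ `adb backup` also requires
    android:debuggable="true", so that flag is reported alongside it.
    """
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    if app is None:
        raise ValueError("manifest has no <application> element")

    def flag(name, default):
        value = app.get(ANDROID_NS + name)
        return default if value is None else value.strip().lower() == "true"

    backup_enabled = flag("allowBackup", default=True)
    debuggable = flag("debuggable", default=False)
    has_exclusion_rules = any(
        app.get(ANDROID_NS + a) for a in ("fullBackupContent", "dataExtractionRules"))

    findings = []
    if backup_enabled:
        findings.append("android:allowBackup is true or unset; app data is "
                        "exposed to adb backup on devices below Android 12")
        if not has_exclusion_rules:
            findings.append("no fullBackupContent/dataExtractionRules to "
                            "exclude token and session files from backups")
    if debuggable:
        findings.append("android:debuggable is true; adb backup works even on Android 12+")
    return {"backup_enabled": backup_enabled, "debuggable": debuggable,
            "has_exclusion_rules": has_exclusion_rules, "findings": findings}


if __name__ == "__main__":
    for label, manifest in (("weak", WEAK_MANIFEST), ("fixed", FIXED_MANIFEST)):
        print(label, audit_backup_config(manifest)["findings"])
```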
Impact
Exploitation of this vulnerability could result in unauthorized access to user credentials and authentication tokens, disclosure of sensitive application data stored locally, a violation of institutional data protection guidelines, an increased risk of session hijacking and reverse engineering, and an overall degradation of the app's security posture.
Reproduction
To reproduce this vulnerability, first enable USB debugging on the Android device. Then, connect the device to a computer via USB. After establishing the connection, execute the ADB backup command targeting the IITB SSO application. This command will create a backup file containing the application's data, which can be extracted and analyzed to obtain sensitive information such as user session data and configuration details.