First published: Tue Dec 07 2021
Maharashtra State Electricity Board Mahavitara Android Application 8.20 and prior is vulnerable to remote account takeover due to an OTP fixation vulnerability in the password reset function.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mahadiscom Mahavitaran | <=7.50 |
CVE-2021-41716 is a vulnerability in the Maharashtra State Electricity Board Mahavitara Android Application 8.20 and prior that allows remote account takeover due to an OTP fixation vulnerability in the password reset function.
The severity of CVE-2021-41716 is critical, with a severity value of 9.8.
CVE-2021-41716 affects the Maharashtra State Electricity Board Mahavitara Android Application version 8.20 and prior, allowing remote account takeover through an OTP fixation vulnerability in the password reset function.
To protect yourself from CVE-2021-41716, keep your Maharashtra State Electricity Board Mahavitara Android Application updated to the latest version and avoid performing password resets over untrusted networks or connections.
Reference material on the vulnerability is available at the following links: [http://maharashtra.com](http://maharashtra.com) and [https://cvewalkthrough.com/cve-2021-41716-mahavitaran-android-application-account-take-over-via-otp-fixation/](https://cvewalkthrough.com/cve-2021-41716-mahavitaran-android-application-account-take-over-via-otp-fixation/)