Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The SourceCodester Android application "Corona Virus Tracker App India" 1.0 uses MD5 for digest authentication in `OkHttpClientWrapper.java`. The `handleDigest()` function employs `MessageDigest.getInstance("MD5")` to hash credentials. MD5 is a broken cryptographic algorithm known to allow hash collisions. This makes the authentication mechanism vulnerable to replay, spoofing, or brute-force attacks, potentially leading to unauthorized access. The vulnerability corresponds to CWE-327 and aligns with OWASP M5: Insufficient Cryptography and MASVS MSTG-CRYPTO-4.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SourceCodester Android Corona Virus Tracker App for India 安全漏洞
Vulnerability Description
SourceCodester Android Corona Virus Tracker App for India是SourceCodester开源的一个新病毒追踪应用。 SourceCodester Android Corona Virus Tracker App for India 1.0版本存在安全漏洞,该漏洞源于使用MD5进行摘要认证,可能导致未经授权访问。
CVSS Information
N/A
Vulnerability Type
N/A