Unencrypted Databases in MakeMyTrip Android App: Potential Sensitive Information Disclosure

Unencrypted Databases in MakeMyTrip Android App: Potential Sensitive Information Disclosure

CVE-2018-11242 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files.

Learn more about our Cis Benchmark Audit For Google Android.