CVE-2020-35398 - Information Exposure Through Discrepancy vulnerability in Utimf UTI Mutual Fund Invest Online
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: LOW
Integrity impact: NONE
Availability impact: NONE
Summary
An issue was discovered in the UTI Mutual Fund Android application 5.4.18 and prior. It allows attackers to enumerate usernames by brute force, based on the error message returned after invalid credentials are attempted.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://cvewalkthrough.com/cve-2020-35398-uti-mutual-fund-android-application-username-enumeration/
- https://play.google.com/store/apps/details?id=com.utimutualfunds.utimutualfund&hl=en_IN&gl=US