Android Corona Virus Tracker App For India
CVE-2025-56608
MEDIUM
Severity by source
AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
The SourceCodester Android application "Corona Virus Tracker App India" 1.0 uses MD5 for digest authentication in OkHttpClientWrapper.java. The handleDigest() function employs MessageDigest.getInstance("MD5") to hash credentials. MD5 is a broken cryptographic algorithm known to allow hash collisions. This makes the authentication mechanism vulnerable to replay, spoofing, or brute-force attacks, potentially leading to unauthorized access. The vulnerability corresponds to CWE-327 and aligns with OWASP M5: Insufficient Cryptography and MASVS MSTG-CRYPTO-4.
AnalysisAI
The SourceCodester Android application "Corona Virus Tracker App India" 1.0 uses MD5 for digest authentication in OkHttpClientWrapper.java. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-290. The SourceCodester Android application "Corona Virus Tracker App India" 1.0 uses MD5 for digest authentication in OkHttpClientWrapper.java. The handleDigest() function employs MessageDigest.getInstance("MD5") to hash credentials. MD5 is a broken cryptographic algorithm known to allow hash collisions. This makes the authentication mechanism vulnerable to replay, spoofing, or brute-force attacks, potentially leading to unauthorized access. The vulnerability corresponds to CWE-327 and aligns with OWASP M5: Insufficient Cryptography and MASVS MSTG-CRYPTO-4. Affected products include: Donbermoy Android Corona Virus Tracker App For India.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Same weakness CWE-290 – Authentication Bypass by Spoofing
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today