The Mitron app, an alternative to TikTok, is gaining notable popularity in a short time. The app has a vulnerability that can be used to send messages to anyone without the user's permission. The flaw doesn't allow a bad actor to steal personal information such as the email ID that a user used to sign up for an account on the app. However, it can be exploited to gain access to the profile of the affected user. The app is so far exclusive to Android and has reached over 50 lakh downloads on Google Play.
By exploiting the vulnerability in the Mitron app, an attacker can send messages on behalf of the user. Kankrale, a cybersecurity specialist, says the issue exists in the login process of the app, which allows bad actors to gain the login ID. According to him, the developers of the Mitron app are not using the Secure Sockets Layer (SSL) protocol to secure the login. Although the app does not allow users to log in with their existing Gmail ID, it processes a unique login ID.
The cybersecurity analyst has also made a video showing the scope of the vulnerability that will be fixed. He initially informed the security-focused site The Hacker News about this vulnerability. The Mitron app came into the spotlight after the fight over TikTok. This app is an Indian solution to counter the popularity of TikTok. Some reports claim that the app was developed by a student of IIT Roorkee. It is also reported that the app is not an Indian app and that it was brought from a Pakistani software developer firm, Qboxus.