CVE-2021-43388 : Security Advisory and Response

Unisys Cargo Mobile Application before 1.2.29 stores sensitive information in cleartext, leading to potential exposure in backups. The vulnerability has been mitigated by setting the allowBackup flag to False in the manifest.

Understanding CVE-2021-43388

Unisys Cargo Mobile Application vulnerability addressing cleartext storage of sensitive data.

What is CVE-2021-43388?

The vulnerability in Unisys Cargo Mobile Application allows sensitive data to be stored in cleartext, risking exposure in backups. The issue is resolved by ensuring the allowBackup flag is set to False in the manifest.

The Impact of CVE-2021-43388

The vulnerability could lead to exposure of sensitive information stored by the application, impacting data security and confidentiality.

Technical Details of CVE-2021-43388

Insights into the technical aspects of the vulnerability.

Vulnerability Description

Unisys Cargo Mobile Application prior to version 1.2.29 stores sensitive data in cleartext, potentially allowing exposure during backups.

Affected Systems and Versions

Product: Unisys Cargo Mobile Application
Vendor: Unisys
Affected Version: < 1.2.29

Exploitation Mechanism

The vulnerability exploits the lack of encryption for stored sensitive information, making it susceptible to exposure during backup processes.

Mitigation and Prevention

Measures to address and prevent the CVE-2021-43388 vulnerability.

Immediate Steps to Take

Update Unisys Cargo Mobile Application to version 1.2.29 or later.
Configure the allowBackup flag in the manifest to be False.

Long-Term Security Practices

Implement encryption mechanisms for sensitive data storage.
Regularly review and update security configurations to mitigate similar risks.

Patching and Updates

Apply patches provided by Unisys to address the vulnerability and ensure data security.