Date: 2024-03-07

The Indian Computer Emergency Response Team (CERT-IN) has flagged two government cybersecurity applications, USB Pratirodh 3.1.2 and AppSamvid 2.0.1, for security vulnerabilities that could potentially allow attackers to take control of the applications. Both apps were developed by the Ministry of Electronics and Information Technology’s (MeiTY) Centre for Development of Advanced Computing (CDAC), an autonomous agency intended to carry out research in the IT sector.

AppSamvid 2.0.1 is whitelisting software for Microsoft Windows that only allows pre-approved files to execute on a system. USB Pratirodh 3.1.2 secures removable storage devices like USB drives and hard drives with a username and password.

Both apps were flagged by CERT-IN as part of its vulnerability report on March 4. According to the report, the security risks arose due to a “weak cryptographic algorithm” in the user login component. A local attacker with administrative privileges could exploit this weakness to obtain the password for either application on a targeted system and take control of it. In essence, it was possible for a hacker to take control of the AppSamvid application and execute code on the targeted system, or to modify the access permissions of registered users or devices on USB Pratirodh.
AppSamvid contained another vulnerability due to the usage of “vulnerable and outdated components,” which would allow an attacker to place a malicious Dynamic Link Library (DLL) on the targeted system and run arbitrary code there. The report also suggested that updating to a more recent version of the apps may be a solution.

Operational since 2004, CERT-IN is the national nodal agency for responding to computer security incidents across the country.

