CVE-2025-56608: n/a
The SourceCodester Android application "Corona Virus Tracker App India" 1.0 uses MD5 for digest authentication in `OkHttpClientWrapper.java`. The `handleDigest()` function employs `MessageDigest.getInstance("MD5")` to hash credentials. MD5 is a broken cryptographic algorithm known to allow hash collisions. This makes the authentication mechanism vulnerable to replay, spoofing, or brute-force attacks, potentially leading to unauthorized access. The vulnerability corresponds to CWE-327 and aligns with OWASP M5: Insufficient Cryptography and MASVS MSTG-CRYPTO-4.
AI Analysis
Technical Summary
CVE-2025-56608 identifies a cryptographic weakness in the Android application "Corona Virus Tracker App India" version 1.0, developed by SourceCodester. The vulnerability stems from the use of the MD5 hashing algorithm within the app's digest authentication mechanism, specifically in the `OkHttpClientWrapper.java` file's `handleDigest()` function. The function uses `MessageDigest.getInstance("MD5")` to hash user credentials for authentication purposes. MD5 is a deprecated cryptographic hash function known for its susceptibility to collision attacks, where two different inputs produce the same hash output. This fundamental weakness undermines the integrity of the authentication process, making it vulnerable to replay attacks, spoofing, and brute-force attempts. An attacker could exploit these weaknesses to gain unauthorized access to the application or its backend services by crafting malicious authentication tokens or replaying intercepted credentials. This vulnerability is categorized under CWE-327 (Use of a Broken or Risky Cryptographic Algorithm) and aligns with OWASP Mobile Top 10 risk M5 (Insufficient Cryptography) and MASVS MSTG-CRYPTO-4, which emphasize the importance of using strong, modern cryptographic primitives. The lack of a CVSS score indicates that the vulnerability has not yet been formally scored, but the technical details confirm its presence and potential impact. No known exploits are currently reported in the wild, but the inherent weaknesses of MD5 make exploitation feasible with moderate effort. The vulnerability affects the authentication mechanism of a mobile application that may handle sensitive health-related data, increasing the risk profile.
Potential Impact
For European organizations, the impact of this vulnerability depends on the extent to which the affected application or its backend services are used within their operations or by their user base. If European healthcare providers, public health agencies, or related entities utilize this app or similar implementations, the risk includes unauthorized access to sensitive personal health information, undermining confidentiality and potentially violating GDPR requirements. Unauthorized access could also lead to data manipulation, affecting data integrity and the reliability of COVID-19 tracking information. This could erode public trust and disrupt health monitoring efforts. Additionally, if the app interfaces with broader health infrastructure or contact tracing systems, exploitation could facilitate lateral movement or further compromise. Even if the app is not widely used in Europe, the presence of such weak cryptographic practices in health-related apps signals a broader risk trend that European organizations should be vigilant about, especially given the sensitivity of health data and the regulatory environment.
Mitigation Recommendations
To mitigate this vulnerability, developers should immediately replace the MD5 hashing algorithm with a secure, modern cryptographic hash function such as SHA-256 or better, ideally using HMAC (Hash-based Message Authentication Code) constructions for authentication tokens. The authentication mechanism should be redesigned to use proven standards like OAuth 2.0 or JWT with strong cryptographic protections. Implementing TLS for all communications is essential to prevent interception and replay attacks. Additionally, incorporating nonce values or timestamps in authentication requests can mitigate replay attacks. Regular security code reviews and static analysis should be conducted to detect weak cryptographic usage. For organizations deploying or relying on this app, it is critical to update to a patched version once available or discontinue use until remediation is complete. Monitoring for suspicious authentication attempts and enforcing multi-factor authentication where possible can further reduce risk. Finally, educating developers on secure cryptographic practices aligned with OWASP and MASVS guidelines will help prevent recurrence.
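The HMAC and nonce/timestamp recommendations above can be illustrated with the following added example, which is not code from the app or from SourceCodester. It assumes the client and server already share a per-user secret key and communicate over TLS; the class and method names and the `/api/cases` path are hypothetical.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration: all names here are hypothetical, not taken from the app.
public class SignedRequestDemo {
    static final long MAX_SKEW_MS = 60_000; // accepted clock skew, also the replay window
    static final Map<String, Long> seenNonces = new ConcurrentHashMap<>();

    // Client side: HMAC-SHA256 tag over method, path, timestamp and nonce.
    static String sign(byte[] key, String method, String path, long tsMs, String nonce) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        String msg = method + "\n" + path + "\n" + tsMs + "\n" + nonce;
        return Base64.getEncoder().encodeToString(mac.doFinal(msg.getBytes(StandardCharsets.UTF_8)));
    }

    // Server side: reject stale timestamps, wrong tags and reused nonces.
    static boolean verify(byte[] key, String method, String path, long tsMs, String nonce,
                          String tag, long nowMs) throws Exception {
        if (Math.abs(nowMs - tsMs) > MAX_SKEW_MS) return false;
        byte[] expected = sign(key, method, path, tsMs, nonce).getBytes(StandardCharsets.UTF_8);
        byte[] got = tag.getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(expected, got)) return false;     // constant-time comparison
        seenNonces.values().removeIf(t -> nowMs - t > MAX_SKEW_MS);  // drop nonces outside the window
        return seenNonces.putIfAbsent(nonce, tsMs) == null;          // accept each nonce only once
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] key = new byte[32];   // constructed sample key
        rng.nextBytes(key);
        byte[] n = new byte[16];
        rng.nextBytes(n);
        String nonce = Base64.getEncoder().encodeToString(n);
        long now = System.currentTimeMillis();
        String tag = sign(key, "GET", "/api/cases", now, nonce);
        System.out.println("first use accepted: " + verify(key, "GET", "/api/cases", now, nonce, tag, now));
        System.out.println("replay accepted:    " + verify(key, "GET", "/api/cases", now, nonce, tag, now));
        System.out.println("stale accepted:     " + verify(key, "GET", "/api/cases", now, nonce, tag, now + 120_000));
    }
}
```

An intercepted tag cannot be replayed: inside the window its nonce is already recorded, and outside the window the timestamp check rejects it before the nonce cache is consulted.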
Affected Countries
India, United Kingdom, Germany, France, Italy, Spain, Netherlands
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-08-17T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 68b85898ad5a09ad00f74330
Added to database: 9/3/2025, 3:02:48 PM
Last enriched: 9/3/2025, 3:18:23 PM
Last updated: 9/4/2025, 11:44:18 AM