← back
CVE-2019-25605

EquityPandit 1.0 Insecure Logging Information Disclosure

CVSS 8.7 HIGHEPSS 0.3%CWE-612
EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing user account credentials.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected products
Play · EquityPandit

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://play.google.com/store/apps/details?id=com.yieldnotion.equitypandithttps://www.exploit-db.com/exploits/46933https://www.vulncheck.com/advisories/equitypandit-insecure-logging-information-disclosure