← voltar
CVE-2016-6538

TrackR Bravo mobile application stores account passwords in cleartext

EPSS 1.1%CWE-313
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS EPSS 1.1%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
06 jul 2018Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
The TrackR Bravo mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541.
Produtos afetados
TrackR · Bravo Mobile Application

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/https://www.kb.cert.org/vuls/id/617567https://www.kb.cert.org/vuls/id/TNOY-AF3KCZhttp://www.securityfocus.com/bid/93874