← voltar
CVE-2019-25605

EquityPandit 1.0 Insecure Logging Information Disclosure

CVSS 8.7 HIGHEPSS 0.3%CWE-612
EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing user account credentials.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Produtos afetados
Play · EquityPandit

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://play.google.com/store/apps/details?id=com.yieldnotion.equitypandithttps://www.exploit-db.com/exploits/46933https://www.vulncheck.com/advisories/equitypandit-insecure-logging-information-disclosure