← volver
CVE-2019-25605

EquityPandit 1.0 Insecure Logging Information Disclosure

CVSS 8.7 HIGHEPSS 0.3%CWE-612
EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing user account credentials.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Productos afectados
Play · EquityPandit

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://play.google.com/store/apps/details?id=com.yieldnotion.equitypandithttps://www.exploit-db.com/exploits/46933https://www.vulncheck.com/advisories/equitypandit-insecure-logging-information-disclosure