← voltar
CVE-2019-19251

CVE-2019-19251

EPSS 0.7%
The Last.fm desktop app (Last.fm Scrobbler) through 2.1.39 on macOS makes HTTP requests that include an API key without the use of SSL/TLS. Although there is an Enable SSL option, it is disabled by default, and cleartext requests are made as soon as the app starts.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://getsatisfaction.com/lastfm/topics/why-doesnt-the-macos-client-enable-ssl-by-default-c1nh5k1s054ak