CVE-2018-17499

Summary

Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of unencrypted data in logs. An attacker could exploit this vulnerability to obtain two API keys, a token and other sensitive information.

Affected Software

VendorProductVersion RangeStatus
EnvoyEnvoy Passport for iPhone2.2.5affected
EnvoyEnvoy Passport for Android2.4.0affected

Weaknesses

  • Obtain Information

ADP Enrichment

CVE Program Container

Additional References

References