CVE-2018-17500

Summary

Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of hardcoded OAuth Creds in plaintext. An attacker could exploit this vulnerability to obtain sensitive information.

Affected Software

VendorProductVersion RangeStatus
EnvoyEnvoy Passport for iPhone2.2.5affected
EnvoyEnvoy Passport for Android2.4.0affected

Weaknesses

  • Obtain Information

ADP Enrichment

CVE Program Container

Additional References

References