CVE-2018-17500
2.9
CVSS:3.0/C:L/AC:H/I:N/AV:L/A:N/PR:N/UI:N/S:U/RL:O/E:U/RC:C
Summary
Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of hardcoded OAuth Creds in plaintext. An attacker could exploit this vulnerability to obtain sensitive information.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Envoy | Envoy Passport for iPhone | 2.2.5 | affected |
| Envoy | Envoy Passport for Android | 2.4.0 | affected |
Weaknesses
- Obtain Information
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.