CVE-2019-25605

Summary

EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing user account credentials.

Affected Software

VendorProductVersion RangeStatus
PlayEquityPandit1.0affected

Weaknesses

  • CWE-612: Improper Authorization of Index Containing Sensitive Information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References