CVE-2019-25605
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing user account credentials.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Play | EquityPandit | 1.0 | affected |
Weaknesses
- CWE-612: Improper Authorization of Index Containing Sensitive Information
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: partial
References
- https://www.exploit-db.com/exploits/46933
- https://play.google.com/store/apps/details?id=com.yieldnotion.equitypandit
- https://www.vulncheck.com/advisories/equitypandit-insecure-logging-information-disclosure
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.