Описание
The Zalora application 6.15.1 for Android stores confidential information insecurely on the system (i.e. plain text), which allows a non-root user to find out the username/password of a valid user via /data/data/com.zalora.android/shared_prefs/login_data.xml.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:zalora:zalora:6.15.1:*:*:*:*:android:*:*
EPSS
Процентиль: 38%
0.00165
Низкий
9.8 Critical
CVSS3
5 Medium
CVSS2
Дефекты
CWE-312
Связанные уязвимости
github
больше 3 лет назад
The Zalora application 6.15.1 for Android stores confidential information insecurely on the system (i.e. plain text), which allows a non-root user to find out the username/password of a valid user via /data/data/com.zalora.android/shared_prefs/login_data.xml.
EPSS
Процентиль: 38%
0.00165
Низкий
9.8 Critical
CVSS3
5 Medium
CVSS2
Дефекты
CWE-312