Description
The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows information theft and account takeover via network sniffing.
References
- Exploit, Mailing List, Third Party Advisory
- Product
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
- Exploit, Mailing List, Third Party Advisory
- Product
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:i-doo:veryfitpro:3.2.8:*:*:*:*:android:*:*
EPSS: 0.00235 (percentile: 46%, Low)
CVSS3: 8.1 High
CVSS2: 4.3 Medium
Weaknesses
CWE-319
Related vulnerabilities
github
more than 3 years ago
The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows information theft and account takeover via network sniffing.