exploitDog

CVE-2024-12604

Опубликовано: 10 мар. 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Cleartext Storage of Sensitive Information in an Environment Variable, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Tapandsign Technologies Tap&Sign App allows Password Recovery Exploitation, Functionality Misuse.This issue affects Tap&Sign App: before V.1.025.

Ссылки

https://docs.tapandsign.com/tap-and-sign/tap-and-sign-v.1.025-surum-notlari
Release Notes
https://www.usom.gov.tr/bildirim/tr-25-0063
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tapandsign:tap\&sign:*:*:*:*:*:*:*:*

Версия до 1.025 (исключая)

EPSS

Процентиль: 16%

0.00051

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-526

CWE-312

Связанные уязвимости

GHSA-6rg8-wqvx-ghg5

CVSS3: 7.3

github

11 месяцев назад

Cleartext Storage of Sensitive Information in an Environment Variable, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Tapandsign Technologies Tap&Sign App allows Password Recovery Exploitation, Functionality Misuse.This issue affects Tap&Sign App: before V.1.025.

EPSS

Процентиль: 16%

0.00051

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-526

CWE-312