Описание
The Qardio Arm iOS application exposes sensitive data such as usernames and passwords in a plist file. This allows an attacker to log in to production-level development accounts and access an engineering backdoor in the application. The engineering backdoor allows the attacker to send hex-based commands over a UI-based terminal.
Ссылки
- US Government Resource
- Product
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:qardio:qardio:2.7.4:*:*:*:*:iphone_os:*:*
EPSS
Процентиль: 20%
0.00064
Низкий
6.2 Medium
CVSS3
6.6 Medium
CVSS3
Дефекты
CWE-359
NVD-CWE-Other
Связанные уязвимости
CVSS3: 6.2
github
12 месяцев назад
The Qardio Arm iOS application exposes sensitive data such as usernames and passwords in a plist file. This allows an attacker to log in to production-level development accounts and access an engineering backdoor in the application. The engineering backdoor allows the attacker to send hex-based commands over a UI-based terminal.
EPSS
Процентиль: 20%
0.00064
Низкий
6.2 Medium
CVSS3
6.6 Medium
CVSS3
Дефекты
CWE-359
NVD-CWE-Other