PT-2012-4142 · Aniplex · Puella Magi Madoka Magica Ip

Kazuhiko Kusano

Publicado

2012-06-04

Atualizado

2012-06-06

CVE-2012-2630

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Puella Magi Madoka Magica iP application versions 1.05 and earlier

Description The issue allows remote attackers to obtain sensitive information, specifically Twitter credentials, via a crafted application. This is because the application places cleartext Twitter credentials in a log file.

Recommendations For versions 1.05 and earlier, consider removing or restricting access to the log file that contains the cleartext Twitter credentials until a fix is available. As a temporary workaround, avoid using the application with Twitter credentials enabled.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-255

Identificadores relacionados

CVE-2012-2630

Produtos afetados

Puella Magi Madoka Magica Ip

PT-2012-4142 · Aniplex · Puella Magi Madoka Magica Ip

CVE-2012-2630

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3