CVE-2014-0647

Name of the Vulnerable Software and Affected Versions Starbucks version 2.6.1

Description The issue concerns the storage of sensitive information in plaintext within a log file, specifically the Crashlytics log file located at /Library/Caches/com.crashlytics.data/com.starbucks.mystarbucks/session.clslog. This allows attackers to discover usernames, passwords, and e-mail addresses by reading the session.clslog file.

Recommendations For version 2.6.1, consider restricting access to the Crashlytics log file to minimize the risk of exploitation. As a temporary workaround, avoid using the application until a patch is available that properly secures sensitive information.