PT-2019-13849 · Renpho · Renpho

Published: 2019-10-09 · Updated: 2021-07-21 · CVE-2019-14808

CVSS v3.1: 6.8 (Medium)

Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions

RENPHO application version 3.0.0

Description

The application transmits JSON data without encryption and without integrity checks. Specifically, when a user updates personal data in the profile tab (such as their birthday) or logs into their account, this data, including the login credentials, is sent unencrypted to a server.

Recommendations

For RENPHO application version 3.0.0, consider avoiding changes to personal data and refraining from logging into the account until a secure version is available. As a temporary workaround, restrict the use of the profile update and login features to minimize the risk of data exposure.

Fix

Cleartext Transmission of Sensitive Information

Weakness Enumeration

Related identifiers

CVE-2019-14808

Affected products

Renpho