CVE-2019-17355

Name of the Vulnerable Software and Affected Versions Orbitz application version 19.31.1

Description The issue concerns the storage of sensitive information during the authentication process in the Orbitz application. Specifically, the username and password are stored in the log, which may be accessible to attackers via logcat, potentially allowing them to obtain these credentials.

Recommendations For Orbitz application version 19.31.1, consider restricting access to logcat or removing sensitive information from the logs to minimize the risk of exploitation. As a temporary workaround, avoid using the application for sensitive transactions until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.