PT-2019-15127 · Seesaw · Seesaw Parent/Family

Jaeho Lee

Publicado

2019-10-15

Atualizado

2019-10-18

CVE-2019-17394

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Seesaw Parent and Family application version 6.2.5

Description The issue concerns the storage of sensitive information during the authentication process. Specifically, the username and password are stored in the log, which may be accessible to attackers via logcat, potentially allowing them to obtain these credentials.

Recommendations For Seesaw Parent and Family application version 6.2.5, consider restricting access to logcat or disabling the logging of sensitive information during authentication as a temporary workaround until a patch is available.

Exploit

Correção

Insertion into Log File

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-532

Identificadores relacionados

CVE-2019-17394

Produtos afetados

Seesaw Parent/Family

PT-2019-15127 · Seesaw · Seesaw Parent/Family

CVE-2019-17394

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3