PT-2019-15795 · Last.Fm · Last.Fm Desktop App

Publicado

2019-12-10

Atualizado

2020-08-24

CVE-2019-19251

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Last.fm desktop app (Last.fm Scrobbler) versions through 2.1.39

Description The issue concerns the Last.fm desktop app making HTTP requests that include an API key without using SSL/TLS. Although there is an option to enable SSL, it is disabled by default, resulting in cleartext requests as soon as the app starts.

Recommendations For versions through 2.1.39, enable the SSL option to secure requests and protect the API key.

Correção

Cleartext Transmission of Sensitive Information

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-319CWE-1188

Identificadores relacionados

CVE-2019-19251

Produtos afetados

Last.Fm Desktop App

PT-2019-15795 · Last.Fm · Last.Fm Desktop App

CVE-2019-19251

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3