PT-2019-18982 · Simple Bank · Simple

Published 2019-05-13 · Updated 2020-08-24 · CVE-2019-8350

CVSS v3.1: 6.8 (Medium)

Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

The Simple - Better Banking application versions 2.45.0 through 2.45.3

Description

The issue is an information disclosure in which the user's password is leaked to the keyboard autocomplete functionality. Third-party Android keyboards that capture the password could store it in cleartext or transmit it to third-party services for keyboard customization purposes. A compromise of any datastore containing keyboard autocompletion caches would result in the disclosure of the user's Simple Bank password.

Recommendations

For versions 2.45.0 through 2.45.3, update to version 2.46.0 to resolve the issue. As a temporary workaround, consider disabling the keyboard autocomplete functionality for sensitive fields like passwords until the update is applied. To minimize the risk of exploitation, restrict access to third-party keyboards or use a keyboard that does not capture or store passwords.
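
The recommendation to keep sensitive fields out of keyboard autocomplete can be checked in an app's layout files. The Python audit below is an added example, not code from this advisory or from Simple. It assumes the password is typed into a standard Android EditText declared in layout XML (the advisory does not say how the affected field was configured), and the sample layout and field ids are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# android:inputType values that declare a field as a password, which tells
# the keyboard (IME) that the text is a credential.
PASSWORD_TYPES = {"textPassword", "textVisiblePassword",
                  "textWebPassword", "numberPassword"}
# Heuristic (assumption): ids/hints containing these words hold credentials.
SENSITIVE_WORDS = ("password", "passwd", "passcode", "pwd")

# Constructed sample layout, not taken from the affected application.
SAMPLE_LAYOUT = """<LinearLayout
    xmlns:android="http://schemas.android.com/apk/res/android">
  <EditText android:id="@+id/login_password" android:inputType="text"/>
  <EditText android:id="@+id/confirm_password"
            android:inputType="textPassword"/>
  <EditText android:id="@+id/username"
            android:inputType="textEmailAddress"/>
</LinearLayout>"""


def audit_layout(xml_text):
    """Return [(field_id, reason)] for credential-looking EditText fields
    whose inputType is not one of the password classes."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        # Also matches subclasses such as ...TextInputEditText.
        if not el.tag.endswith("EditText"):
            continue
        field_id = el.get(ANDROID + "id", "")
        hint = el.get(ANDROID + "hint", "")
        label = (field_id + " " + hint).lower()
        if not any(word in label for word in SENSITIVE_WORDS):
            continue
        flags = set(el.get(ANDROID + "inputType", "").split("|")) - {""}
        if not flags & PASSWORD_TYPES:
            shown = "|".join(sorted(flags)) or "<unset>"
            findings.append(
                (field_id, "inputType=%s is not a password class" % shown))
    return findings


if __name__ == "__main__":
    for field_id, reason in audit_layout(SAMPLE_LAYOUT):
        print(field_id, "->", reason)
```

Fields built or reconfigured in code rather than in layout XML are outside what this check sees.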

Fix

Insufficiently Protected Credentials

Weakness Enumeration

Related Identifiers

CVE-2019-8350

Affected Products

Simple