CVE-2018-17500

Name of the Vulnerable Software and Affected Versions Envoy Passport for Android (affected versions not specified) Envoy Passport for iPhone (affected versions not specified)

Description The issue is caused by the storage of hardcoded OAuth credentials in plaintext, allowing a local attacker to obtain sensitive information. An attacker could exploit this to gain access to sensitive information.

Recommendations For Envoy Passport for Android, consider removing or securely storing hardcoded OAuth credentials to prevent exploitation. For Envoy Passport for iPhone, consider removing or securely storing hardcoded OAuth credentials to prevent exploitation. As a temporary workaround, consider restricting access to sensitive information stored by the application until a secure method of storing OAuth credentials is implemented.