Ching-Yen

Name of the Vulnerable Software and Affected Versions: udn News Android APP (affected versions not specified) Description: The issue concerns the storage of user sessions in the logcat file when a user logs into the udn News Android APP. This allows a malicious APP or an attacker with physical access to the Android device to retrieve the session and use it to log into the news APP and other services provided by udn. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: udn News Android APP (affected versions not specified) Description: The issue concerns the storage of unencrypted user sessions in the local database of the udn News Android APP when a user logs in. This allows a malicious APP or an attacker with physical access to the Android device to retrieve the session and use it to log into the news APP and other services provided by udn. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.