Jaeho Lee

**Name of the Vulnerable Software and Affected Versions** Orbitz application version 19.31.1 **Description** The issue concerns the storage of sensitive information during the authentication process in the Orbitz application. Specifically, the `username` and `password` are stored in the log, which may be accessible to attackers via logcat, potentially allowing them to obtain these credentials. **Recommendations** For Orbitz application version 19.31.1, consider restricting access to logcat or removing sensitive information from the logs to minimize the risk of exploitation. As a temporary workaround, avoid using the application for sensitive transactions until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Infinite Design application version 3.4.12 **Description** The Infinite Design application sends a `username` and `password` via TCP without any encryption during login, as demonstrated by sniffing of a public Wi-Fi network. **Recommendations** For Infinite Design application version 3.4.12, consider using a secure network connection to minimize the risk of credential interception until a patch is available. As a temporary workaround, avoid using public Wi-Fi networks for login.

**Name of the Vulnerable Software and Affected Versions** Seesaw Parent and Family application version 6.2.5 **Description** The issue concerns the storage of sensitive information during the authentication process. Specifically, the `username` and `password` are stored in the log, which may be accessible to attackers via logcat, potentially allowing them to obtain these credentials. **Recommendations** For Seesaw Parent and Family application version 6.2.5, consider restricting access to logcat or disabling the logging of sensitive information during authentication as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Rapid Gator version 0.7.1 **Description** The issue concerns the storage of sensitive information during the authentication process. Specifically, the `username` and `password` are stored in the log, potentially making them accessible to attackers via logcat. **Recommendations** For Rapid Gator version 0.7.1, consider restricting access to logcat or removing sensitive information from the logs to minimize the risk of exploitation. As a temporary workaround, avoid using the application for sensitive operations until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PowerSchool Mobile application version 1.1.8 **Description** The issue concerns the storage of sensitive information during the authentication process. Specifically, the `username` and `password` are stored in the log, potentially making them accessible to attackers via logcat. **Recommendations** For PowerSchool Mobile application version 1.1.8, consider restricting access to logcat to minimize the risk of exploitation. As a temporary workaround, avoid using the application until a patch is available that properly secures the storage of `username` and `password` during authentication.

**Name of the Vulnerable Software and Affected Versions** Dark Horse Comics application version 1.3.21 **Description** The application stores token information, equivalent to the username and password, in the log during authentication. This information may be accessible to attackers via logcat, potentially allowing them to obtain sensitive user credentials. **Recommendations** For version 1.3.21, consider restricting access to logcat output to minimize the risk of exploitation. As a temporary workaround, avoid using the application for sensitive transactions until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.