Zaloraa

**Name of the Vulnerable Software and Affected Versions** Zalora application version 6.15.1 **Description** The issue allows a non-root user to obtain the username and password of a valid user due to insecure storage of confidential information in plain text. This can be accessed via the /data/data/com.zalora.android/shared prefs/login data.xml endpoint. **Recommendations** For Zalora application version 6.15.1, consider restricting access to the login data.xml file to minimize the risk of exploitation. As a temporary workaround, avoid using the application until a secure version is released. At the moment, there is no information about a newer version that contains a fix for this vulnerability.