PT-2012-4142 · Aniplex · Puella Magi Madoka Magica Ip

Kazuhiko Kusano

Published

2012-06-04

Updated

2012-06-06

CVE-2012-2630

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Puella Magi Madoka Magica iP application versions 1.05 and earlier

Description The issue allows remote attackers to obtain sensitive information, specifically Twitter credentials, via a crafted application. This is because the application places cleartext Twitter credentials in a log file.

Recommendations For versions 1.05 and earlier, consider removing or restricting access to the log file that contains the cleartext Twitter credentials until a fix is available. As a temporary workaround, avoid using the application with Twitter credentials enabled.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-255

Related Identifiers

CVE-2012-2630

Affected Products

Puella Magi Madoka Magica Ip

PT-2012-4142 · Aniplex · Puella Magi Madoka Magica Ip

CVE-2012-2630

Weakness Enumeration

Related Identifiers

Affected Products

References · 3