CVE-2017-14486

Name of the Vulnerable Software and Affected Versions Vibease Wireless Remote Vibrator app for Android (affected versions not specified) Vibease Chat app for iOS (affected versions not specified)

Description The issue allows remote attackers to obtain user credentials, messages, and other sensitive information by sniffing the network for XMPP traffic, due to the use of cleartext to exchange messages with other apps and the PLAIN SASL mechanism to send auth tokens to Vibease servers.

Recommendations For the Vibease Wireless Remote Vibrator app for Android, consider disabling the PLAIN SASL mechanism until a secure authentication method is implemented. For the Vibease Chat app for iOS, avoid using the app to send sensitive information over unsecured networks until the issue is resolved. As a temporary workaround, restrict access to the XMPP traffic to minimize the risk of exploitation.