PT-2018-13180 · Breustedt · Mensamax
Stefan Pietsch · Published 2018-10-02 · Updated 2019-10-03 · CVE-2018-15752
CVSS v3.1: 8.1 High
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
MensaMax (aka com.breustedt.mensamax) version 4.3
Description
The issue allows man-in-the-middle attackers to eavesdrop on authentication information between the application and the server due to cleartext transmission of sensitive information.
Recommendations
For MensaMax version 4.3, consider encrypting sensitive information in transit to prevent eavesdropping. As a temporary workaround, restrict use of the application on unsecured networks to minimize the risk of exploitation.
Cleartext Transmission of Sensitive Information
Weakness Enumeration
Related Identifiers
Affected Products
Mensamax