PT-2018-9299 · Ionic Team · Cordova

R3Ggi

Published

2018-03-13

Updated

2018-04-16

CVE-2018-1000123

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Ionic Team Cordova plugin iOS Keychain versions before commit 18233ca25dfa92cca018b9c0935f43f78fd77fbf

Description: The issue is related to an Information Exposure Through Log Files, which can lead to the leakage of sensitive data such as login credentials and passwords. This can be exploited if an attacker has access to the victim's iOS logs.

Recommendations: For versions before commit 18233ca25dfa92cca018b9c0935f43f78fd77fbf, update to a version after commit 18233ca25dfa92cca018b9c0935f43f78fd77fbf to resolve the issue. As a temporary workaround, consider restricting access to iOS logs to minimize the risk of exploitation.

Fix

Insertion into Log File

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-532

Related Identifiers

CVE-2018-1000123

Affected Products

Cordova

PT-2018-9299 · Ionic Team · Cordova

CVE-2018-1000123

Weakness Enumeration

Related Identifiers

Affected Products

References · 3