PT-2019-13849 · Renpho · Renpho

Published: 2019-10-09 · Updated: 2021-07-21 · CVE-2019-14808

CVSS v3.1: 6.8 (Medium)

Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

RENPHO application version 3.0.0

Description

The application transmits JSON data without encryption or integrity checks. Specifically, when a user updates personal data in the profile tab (such as their birthday) or logs into their account, that data, including the login credentials, is sent unencrypted to a server.

Recommendations

For RENPHO application version 3.0.0, consider avoiding changes to personal data and refraining from logging into the account until a secure version is available. As a temporary workaround, restrict the use of the profile update and login features to minimize the risk of data exposure.

Fix

Cleartext Transmission of Sensitive Information

Weakness Enumeration

Related Identifiers

CVE-2019-14808

Affected Products

Renpho