PT-2019-15127 · Seesaw · Seesaw Parent/Family

Jaeho Lee

Published

2019-10-15

Updated

2019-10-18

CVE-2019-17394

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Seesaw Parent and Family application version 6.2.5

Description The issue concerns the storage of sensitive information during the authentication process. Specifically, the username and password are stored in the log, which may be accessible to attackers via logcat, potentially allowing them to obtain these credentials.

Recommendations For Seesaw Parent and Family application version 6.2.5, consider restricting access to logcat or disabling the logging of sensitive information during authentication as a temporary workaround until a patch is available.

Exploit

Fix

Insertion into Log File

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-532

Related Identifiers

CVE-2019-17394

Affected Products

Seesaw Parent/Family

PT-2019-15127 · Seesaw · Seesaw Parent/Family

CVE-2019-17394

Weakness Enumeration

Related Identifiers

Affected Products

References · 3