PT-2021-17483 · Ypsomed · Ypsomed Mylife Cloud, Ypsomed Mylife App
Published: 2021-08-02 · Updated: 2021-08-11 · CVE-2021-27503
CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Ypsomed mylife Cloud versions prior to 1.7.2
Ypsomed mylife App versions prior to 1.7.5
Description
The application encrypts communication between the Ypsomed mylife App and mylife Cloud with credentials based on hard-coded secrets. This allows man-in-the-middle attackers to tamper with messages.
Recommendations
For Ypsomed mylife Cloud versions prior to 1.7.2, update to version 1.7.2 or later to resolve the issue.
For Ypsomed mylife App versions prior to 1.7.5, update to version 1.7.5 or later to resolve the issue.
Fix
Using Hardcoded Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Ypsomed Mylife App
Ypsomed Mylife Cloud