CVE-2024-12604

Name of the Vulnerable Software and Affected Versions Tap&Sign App versions prior to V.1.025

Description The issue concerns a Weak Password Recovery Mechanism for Forgotten Password, allowing password recovery exploitation and functionality misuse in the Tap&Sign App. It also involves cleartext storage of sensitive information in an environment variable.

Recommendations For versions prior to V.1.025, update to version V.1.025 or later to resolve the issue. As a temporary workaround, consider restricting access to the password recovery mechanism until the update is applied. Avoid using the password recovery feature in the affected versions to minimize the risk of exploitation.