CVE-2019-25605

CVSS v3.1

7.5

High

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing user account credentials.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-612

Related Identifiers

CVE-2019-25605

Affected Products

Equitypandit

CVE-2019-25605

Weakness Enumeration

Related Identifiers

Affected Products

References · 4