CVE-2016-6547 Zizai Tech Nut stores the account password in cleartext

2018-07-1320:00:00

CWE-313

certcc

www.cve.org

8.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.7%

JSON

The Zizai Tech Nut mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file.

CNA Affected

[
  {
    "product": "Tech Nut Mobile Application",
    "vendor": "Zizai Technology",
    "versions": [
      {
        "status": "unknown",
        "version": "N/A"
      }
    ]
  }
]

References

blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/

www.kb.cert.org/vuls/id/402847

www.securityfocus.com/bid/93877