| Title | Published | Views | Family |
|---|---|---|---|
| CVE-2013-6986 | 12 Dec 2013 17:00 | – | cve |
| CVE-2013-6986 | 12 Dec 2013 17:00 | – | cvelist |
| EUVD-2013-6787 | 7 Oct 2025 00:30 | – | euvd |
| CVE-2013-6986 | 12 Dec 2013 17:55 | – | nvd |
| Design/Logic Flaw | 12 Dec 2013 17:55 | – | prion |
| [CVE-2013-6986] Insecure Data Storage in Subway Ordering for California (ZippyYum) 3.4 iOS mobile application | 30 Dec 2013 00:00 | – | securityvulns |
| Song Exporter v2.1.1 RS iOS - File Include Vulnerabilities | 30 Dec 2013 00:00 | – | securityvulns |
| iOS applications multiple security vulnerabilities | 30 Dec 2013 00:00 | – | securityvulns |
`Title: [CVE-2013-6986] Insecure Data Storage in Subway Ordering for
California (ZippyYum) 3.4 iOS mobile application
Published: DATE
Reported to Vendor: May 2013
CVE Reference: CVE-2013-6986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6986
CVSS v2 Base Score: 4.9
CVSS v2 Vector: (AV:L/AC:L/Au:N/C:C/I:N/A:N/E:H/RL:U/RC:C)
Credit: This issue was discovered by Daniel E. Wood
http://www.linkedin.com/in/danielewood
Vendor: ZippyYum, LLC | http://www.zippyyum.com
Application: https://itunes.apple.com/us/app/subwayoc/id510770549?mt=8
Tested Version: 3.4
File: SubwayOCKiosk.app
App Name: Subway CA Kiosk
Build Time-stamp: 2012-06-07_09-20-17
1. Introduction: Subway CA is a mobile application, available for both iOS
and Android devices, that lets customers build and order menu items and pay
for them inside the application with a payment card such as a debit or
credit card.
2. Vulnerability Description: The application writes sensitive data in
clear text to cache files under the ../Caches/com.ZippyYum.SubwayOC/
directory on the device.
Opening Cache.db and/or Cache.db-wal in any tool that reads SQLite
databases (such as RazorSQL or the sqlite3 command-line shell) lets anyone
with access to the application's sandbox (for example on a jailbroken or
forensically imaged device) read the stored data unencrypted. Cache.db-wal
is SQLite's write-ahead log: it holds committed pages that have not yet
been checkpointed into Cache.db, so it can still contain records that a
query against Cache.db alone no longer returns.
Sensitive data elements found within Cache.db and Cache.db-wal:
- password and encryptionKey for the application/user account
- customerPassword
- customerEmail
- deliveryStreet
- deliveryState
- deliveryZip
- paymentMethod
- paymentCardType
- paymentCardNumber
- paymentSecurityCode
- paymentExpMonth
- paymentExpYear
- paymentBillingCode
- customerPhone
- longitude (of device)
- latitude (of device)
- email
3. Vulnerability History:
May 9, 2013: Vulnerability identification
May 15, 2013: Unofficial vendor notification
August 4, 2013: Official vendor notification via report
September 20, 2013: Vulnerability remediation notification*
December 7, 2013: Vulnerability disclosure
*Current version 3.7.1 was retested: only customerName, customerEmail,
customerPhone, location and paymentCardType remain in clear text, now
within Subway.sqlite-wal.
`
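The check a tester would run against the cache store described in section 2, as an added example that is not part of the advisory or of ZippyYum's code: it walks every table of a SQLite file read-only (the sqlite3 library reads committed WAL frames transparently, so this sees what the app's own queries see), then scans the raw bytes of the -wal file as well, because frames not yet checkpointed into the main file keep page images of rows the app has since deleted. The field names come from the advisory's list; the table name `cached_responses`, the JSON payloads and the card number (a Luhn-valid test PAN) are constructed here and do not reproduce the real NSURLCache schema or real customer data.

```python
"""Scan an iOS app cache SQLite store for clear-text sensitive fields.

Added example, not the advisory's or the vendor's code. The sample data
and table layout are constructed stand-ins; the PAN is a test number.
"""
import json
import os
import re
import sqlite3
import tempfile
from pathlib import Path

# Field names taken from the advisory's list of clear-text elements.
SENSITIVE_KEYS = (
    "customerPassword", "encryptionKey", "customerEmail", "customerPhone",
    "paymentCardNumber", "paymentSecurityCode", "paymentExpMonth",
    "paymentExpYear", "deliveryStreet", "latitude", "longitude",
)
# Matches  "key": "value"  or key=value ; the value runs until a quote,
# comma, ampersand or whitespace (covers JSON and form-encoded bodies).
KEY_RE = re.compile(
    rb"(?P<key>" + b"|".join(k.encode() for k in SENSITIVE_KEYS) + rb")"
    rb'\W{1,4}(?P<val>[^",&\s]{1,64})'
)
# Candidate primary account numbers: 13-19 digit runs, confirmed by Luhn.
PAN_RE = re.compile(rb"(?<!\d)(\d{13,19})(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to cut false positives on digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(value: bytes) -> str:
    """Never copy a full secret into the report; keep the last four."""
    s = value.decode("utf-8", "replace")
    return "*" * (len(s) - 4) + s[-4:] if len(s) > 4 else "*" * len(s)


def scan_bytes(blob: bytes, source: str) -> set:
    """Return {(source, key, masked_value)} for every hit in blob."""
    hits = set()
    for m in KEY_RE.finditer(blob):
        hits.add((source, m.group("key").decode(), mask(m.group("val"))))
    for m in PAN_RE.finditer(blob):
        if luhn_ok(m.group(1).decode()):
            hits.add((source, "PAN", mask(m.group(1))))
    return hits


def scan_sqlite(db_path: str) -> set:
    """Walk every table and column of the database, opened read-only.
    Only live rows are visible here, just as to the app itself."""
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"
    con = sqlite3.connect(uri, uri=True)
    source = os.path.basename(db_path)
    hits = set()
    try:
        names = [r[0] for r in con.execute(
            "SELECT name FROM sqlite_master WHERE type='table'")]
        for name in names:
            quoted = '"' + name.replace('"', '""') + '"'
            for row in con.execute(f"SELECT * FROM {quoted}"):
                for cell in row:
                    if isinstance(cell, str):
                        cell = cell.encode("utf-8", "replace")
                    if isinstance(cell, bytes):
                        hits |= scan_bytes(cell, f"{source}:{name}")
    finally:
        con.close()
    return hits


def scan_raw(path: str) -> set:
    """Regex over raw file bytes: catches stale WAL frames and freed cells."""
    with open(path, "rb") as f:
        return scan_bytes(f.read(), os.path.basename(path))


def build_sample(workdir: str):
    """Constructed stand-in for Cache.db (not the NSURLCache schema).
    The writer connection is returned open on purpose: closing the last
    connection checkpoints and deletes the -wal, the evidence we want."""
    db_path = os.path.join(workdir, "Cache.db")
    con = sqlite3.connect(db_path)
    con.execute("PRAGMA journal_mode=WAL")
    con.execute("CREATE TABLE cached_responses "
                "(entry_ID INTEGER PRIMARY KEY, receiver_data BLOB)")
    profile = json.dumps({"customerEmail": "jane@example.com",
                          "customerPhone": "5551234567"})
    order = json.dumps({"paymentCardType": "VISA",
                        "paymentCardNumber": "4111111111111111",
                        "paymentSecurityCode": "123",
                        "paymentExpMonth": "07", "paymentExpYear": "2015"})
    con.execute("INSERT INTO cached_responses VALUES (1, ?)", (profile.encode(),))
    con.execute("INSERT INTO cached_responses VALUES (2, ?)", (order.encode(),))
    con.commit()
    # The app later "clears" the payment entry; the earlier page image
    # stays in Cache.db-wal until a checkpoint recycles the log.
    con.execute("DELETE FROM cached_responses WHERE entry_ID = 2")
    con.commit()
    return db_path, con


def run_demo():
    """Build the sample in a temp dir, run both scans, then close."""
    db, writer = build_sample(tempfile.mkdtemp())
    try:
        return scan_sqlite(db), scan_raw(db + "-wal")
    finally:
        writer.close()  # last connection: SQLite checkpoints, -wal is removed


if __name__ == "__main__":
    live, wal = run_demo()
    for hit in sorted(live | wal):
        print(hit)
```

Run as-is to see the two views side by side: the table walk reports only the e-mail and phone that are still live, while the raw scan of Cache.db-wal still yields the card number, security code and expiry that the app deleted. On a real device image, run both scans over Cache.db, Cache.db-wal and, for version 3.7.1, Subway.sqlite-wal, and treat the raw-scan hits as evidence that deleting rows is not remediation; the fix is to keep these fields out of the cache entirely.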