3 matches found
CVE-2021-36460
VeryFitPro com.veryfit2hr.second 3.2.8 hashes the account's password locally on the device and uses the hash to authenticate in all communication with the backend API, including login, registration and changing of passwords. This allows an attacker in possession of a hash to takeover a user's...
CVE-2021-36460
creationtimestamp| type| source ---|---|--- 2022-04-25 16:36:12+00:00| seen| https://t.me/cibsecurity/41379...
CVE-2021-36460
VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the user’s password locally on the device and uses that hash to authenticate in all backend API communications (login, registration, password changes). An attacker who obtains the hash can take over the user’s account, nullifying the benefit of pass...