Default credentials
In the Orbitz application 19.31.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat...
Razer: Insecure Logging - OWASP (2016-M2)
The tester discovered that the Razer Pay Android application was storing user data locally on the phone in the clear. An adversary would need access to the phone to obtain this information. The application was patched to avoid storing this information in version 2.10...
Some D-Link and Comba WiFi Routers Leak Their Passwords in Plaintext
What could be worse than your router leaking its administrative login credentials in plaintext? Cybersecurity researchers from Trustwave's SpiderLabs have discovered multiple security vulnerabilities in some router models from two popular manufacturers—D-Link and Comba Telecom—that involve insecu...
Vulnerabilities in D-Link, Comba Routers Can Leak Credentials
Researchers have discovered vulnerabilities in D-Link and Comba Telecom routers that can leak passwords for the devices and have the potential to affect every user on networks that use them for access. Trustwave SpiderLabs Security Researcher Simon Kenin discovered the vulnerabilities—two in a...
CVE-2019-5632
An insecure storage of sensitive information vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. The application's database was found to contain information that could be used to control the lock devices remotely. This issue affects Hickory Smart for...
CVE-2019-5633
An insecure storage of sensitive information vulnerability is present in Hickory Smart for iOS mobile devices from Belwith Products, LLC. The application's database was found to contain information that could be used to control the lock devices remotely. This issue affects Hickory Smart for iOS,...
CVE-2019-5633 Hickory Smart Lock Insecure Storage on iOS
An insecure storage of sensitive information vulnerability is present in Hickory Smart for iOS mobile devices from Belwith Products, LLC. The application's database was found to contain information that could be used to control the lock devices remotely. This issue affects Hickory Smart for iOS,...
CVE-2019-5632 Hickory Smart Lock Insecure Storage on Android
An insecure storage of sensitive information vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. The application's database was found to contain information that could be used to control the lock devices remotely. This issue affects Hickory Smart for...
CVE-2018-20886
cPanel before 74.0.0 insecurely stores phpMyAdmin session files SEC-418...
Design/Logic Flaw
cPanel before 74.0.0 insecurely stores phpMyAdmin session files SEC-418...
Send Anywhere application for Android trust management issue vulnerability
Send Anywhere application for Android is a file transfer application based on Android platform. A trust management issue vulnerability exists in version 9.4.18 of the Send Anywhere application for the Android platform, which stems from a failure of the program to securely store information, which...
CVE-2019-13096
TronLink Wallet 2.2.0 stores user wallet keystore in plaintext and places them in insecure storage. An attacker can read and reuse the user keystore of a valid user via /data/data/com.tronlink.wallet/sharedprefs/.xml to gain unauthorized access...
Design/Logic Flaw
TronLink Wallet 2.2.0 stores user wallet keystore in plaintext and places them in insecure storage. An attacker can read and reuse the user keystore of a valid user via /data/data/com.tronlink.wallet/sharedprefs/.xml to gain unauthorized access...
CVE-2019-13100
The Send Anywhere application 9.4.18 for Android stores confidential information insecurely on the system i.e., in cleartext, which allows a non-root user to find out the username/password of a valid user via /data/data/com.estmob.android.sendanywhere/sharedprefs/sendanywheredevice.xml...
Default credentials
The Send Anywhere application 9.4.18 for Android stores confidential information insecurely on the system i.e., in cleartext, which allows a non-root user to find out the username/password of a valid user via /data/data/com.estmob.android.sendanywhere/sharedprefs/sendanywheredevice.xml...
Default credentials
The Momo application 2.1.9 for Android stores confidential information insecurely on the system i.e., in cleartext, which allows a non-root user to find out the username/password of a valid user and a user's access token via Logcat...
CVE-2019-13099
The Momo application 2.1.9 for Android stores confidential information insecurely on the system i.e., in cleartext, which allows a non-root user to find out the username/password of a valid user and a user's access token via Logcat...
CVE-2019-13099
The CVE-2019-13099 entry concerns the Momo Android app (version 2.1.9) storing confidential data in cleartext on the device, enabling a non-root user to retrieve usernames, passwords, and access tokens via Logcat. Root cause is insecure data storage; impact is exposure of user credentials. The co...