2 matches found
CVE-2019-5625
CVE-2019-5625 affects the Android Halo Home app prior to 1.11.0, where OAuth authentication and refresh tokens are stored in a clear text file. The file persists until logout or device reboot, enabling an attacker with physical access or a compromised app to impersonate the user by reusing the to...
CVE-2019-5625 Eaton Halo Home Android App Insecure Storage
The Android mobile application Halo Home before 1.11.0 stores OAuth authentication and refresh access tokens in a clear text file. This file persists until the user logs out of the application and reboots the device. This vulnerability can allow an attacker to impersonate the legitimate user by...