4 matches found
CVE-2022-24188
creationtimestamp| type| source ---|---|--- 2022-11-29 00:28:27+00:00| seen| https://t.me/cibsecurity/53611...
CVE-2022-24188
The /device/signin end-point for the Ourphoto App version 1.4.1 discloses clear-text password information for functionality within the picture frame devices. The deviceVideoCallPassword and mqttPassword are returned in clear-text. The lack of sessions management and presence of insecure direct...
CVE-2022-24188
The /device/signin end-point for the Ourphoto App version 1.4.1 discloses clear-text password information for functionality within the picture frame devices. The deviceVideoCallPassword and mqttPassword are returned in clear-text. The lack of sessions management and presence of insecure direct...
CVE-2022-24188
The CVE-2022-24188 entry concerns Ourphoto App 1.4.1, where the /device/signin endpoint returns clear-text credentials (deviceVideoCallPassword and mqttPassword). The issue is compounded by lack of session management and insecure direct object references, enabling disclosure of passwords for othe...