16 matches found
EUVD-2019-4640
Malware in sbrugna...
EUVD-2019-4638
Malware in sbrugna...
CVE-2019-13098
The user password via the registration form of TronLink Wallet 2.2.0 is stored in the log when the class CreateWalletTwoActivity is called. Other authenticated users can read it in the log later. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 Jel...
CVE-2019-13096
TronLink Wallet 2.2.0 stores user wallet keystore in plaintext and places them in insecure storage. An attacker can read and reuse the user keystore of a valid user via /data/data/com.tronlink.wallet/sharedprefs/.xml to gain unauthorized access...
TronLink Wallet Trust Management Issues Vulnerability
TronLink Wallet is a cryptocurrency wallet application. A trust management issue vulnerability exists in TronLink Wallet version 2.2.0, which can be exploited to read and use a user's keystore to gain unauthorized access with /data/data/com.tronlink.wallet/sharedprefs/.xml...
TronLink Wallet Log Information Disclosure Vulnerability
TronLink Wallet is a cryptocurrency wallet application. A log information disclosure vulnerability exists in TronLink Wallet version 2.2.0, which originates when the CreateWalletTwoActivity class is called and the program stores the user's password in a log via the registry, which can be exploite...
CVE-2019-13096
TronLink Wallet 2.2.0 stores user wallet keystore in plaintext and places them in insecure storage. An attacker can read and reuse the user keystore of a valid user via /data/data/com.tronlink.wallet/sharedprefs/.xml to gain unauthorized access...
CVE-2019-13096
TronLink Wallet 2.2.0 stores user wallet keystore in plaintext and places them in insecure storage. An attacker can read and reuse the user keystore of a valid user via /data/data/com.tronlink.wallet/sharedprefs/.xml to gain unauthorized access...
Design/Logic Flaw
TronLink Wallet 2.2.0 stores user wallet keystore in plaintext and places them in insecure storage. An attacker can read and reuse the user keystore of a valid user via /data/data/com.tronlink.wallet/sharedprefs/.xml to gain unauthorized access...
CVE-2019-13098
The user password via the registration form of TronLink Wallet 2.2.0 is stored in the log when the class CreateWalletTwoActivity is called. Other authenticated users can read it in the log later. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 Jel...
CVE-2019-13098
The user password via the registration form of TronLink Wallet 2.2.0 is stored in the log when the class CreateWalletTwoActivity is called. Other authenticated users can read it in the log later. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 Jel...
Default credentials
The user password via the registration form of TronLink Wallet 2.2.0 is stored in the log when the class CreateWalletTwoActivity is called. Other authenticated users can read it in the log later. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 Jel...
CVE-2019-13096
TronLink Wallet 2.2.0 stores user wallet keystore in plaintext and places them in insecure storage. An attacker can read and reuse the user keystore of a valid user via /data/data/com.tronlink.wallet/sharedprefs/.xml to gain unauthorized access...
CVE-2019-13096
CVE-2019-13096 affects TronLink Wallet 2.2.0. The vulnerability arises from storing the user keystore in plaintext in insecure storage, allowing an attacker to read and reuse a valid user’s keystore via /data/data/com.tronlink.wallet/shared_prefs/.xml and gain unauthorized access. Publicly availa...
CVE-2019-13098
The user password via the registration form of TronLink Wallet 2.2.0 is stored in the log when the class CreateWalletTwoActivity is called. Other authenticated users can read it in the log later. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 Jel...
CVE-2019-13098
The CVE describes a password disclosure in TronLink Wallet 2.2.0 where the user password is logged during CreateWalletTwoActivity, allowing other authenticated apps/users with access to the device log (Logcat) to read it. The issue is tied to logging sensitive data and, on Android versions before...