18 matches found
EUVD-2021-19450
Malware in sbrugna...
EUVD-2021-23062
Malware in sbrugna...
CVE-2021-36460
VeryFitPro com.veryfit2hr.second 3.2.8 hashes the account's password locally on the device and uses the hash to authenticate in all communication with the backend API, including login, registration and changing of passwords. This allows an attacker in possession of a hash to takeover a user's...
CVE-2021-32612
The VeryFitPro com.veryfit2hr.second application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows information theft and account takeover via network sniffing...
CVE-2021-36460
VeryFitPro com.veryfit2hr.second 3.2.8 hashes the account's password locally on the device and uses the hash to authenticate in all communication with the backend API, including login, registration and changing of passwords. This allows an attacker in possession of a hash to takeover a user's...
CVE-2021-36460
VeryFitPro com.veryfit2hr.second 3.2.8 hashes the account's password locally on the device and uses the hash to authenticate in all communication with the backend API, including login, registration and changing of passwords. This allows an attacker in possession of a hash to takeover a user's...
Design/Logic Flaw
VeryFitPro com.veryfit2hr.second 3.2.8 hashes the account's password locally on the device and uses the hash to authenticate in all communication with the backend API, including login, registration and changing of passwords. This allows an attacker in possession of a hash to takeover a user's...
CVE-2021-36460
VeryFitPro com.veryfit2hr.second 3.2.8 hashes the account's password locally on the device and uses the hash to authenticate in all communication with the backend API, including login, registration and changing of passwords. This allows an attacker in possession of a hash to takeover a user's...
CVE-2021-36460
VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the user’s password locally on the device and uses that hash to authenticate in all backend API communications (login, registration, password changes). An attacker who obtains the hash can take over the user’s account, nullifying the benefit of pass...
VeryFitPro 授权问题漏洞
VeryFitPro is a powerful health management software from Shenzhen Aidu Technology Co., Ltd. in China, which needs to be used with the same brand of smart bracelet, using the app users can view the number of steps taken, calories burned, sleep quality and other information in real time. VeryFitPro...
PT-2022-10515 · Unknown · Veryfitpro
Name of the Vulnerable Software and Affected Versions: VeryFitPro version 3.2.8 Description: The issue allows an attacker in possession of a hashed password to take over a user's account. This is because the password is hashed locally on the device and the hash is used for authentication with the...
Exploit for Improper Authentication in Veryfitpro_Project Veryfitpro
CVE-2021-36460 NVD CVE-2021-36460: https://nvd.nist.gov/vuln/...
VeryFitPro 3.2.8 Insecure Transit
Trovent Security Advisory 2105-01 Unencrypted cleartext transmission of sensitive information Overview Advisory ID: TRSA-2105-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2105-01 Affected product: VeryFitPro Android mobile application...
CVE-2021-32612
The VeryFitPro com.veryfit2hr.second application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows information theft and account takeover via network sniffing...
CVE-2021-32612
The VeryFitPro com.veryfit2hr.second application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows information theft and account takeover via network sniffing...
CVE-2021-32612
The VeryFitPro com.veryfit2hr.second application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows information theft and account takeover via network sniffing...
CVE-2021-32612
The CVE-2021-32612 entry concerns the VeryFitPro Android app (package com.veryfit2hr.second, version 3.2.8). The connected sources confirm that the app performs all communication with the backend API over cleartext HTTP, including login, registration, and password-change requests. Root cause stat...
VeryFitPro 加密问题漏洞
VeryFitPro is a powerful health management software from China's Shenzhen Aidu Technology Co., Ltd. that needs to be used with the same brand of smart bracelet, using the app users can view the number of steps taken, calories burned, sleep quality and other information in real time. There is an...