CVE-2019-5626

LOW Year: 2019
CVSS v3 Score
2.8
Low
CVSS v2 Score
2.1
Low
Weakness Type
CWE-922
View all →

Vulnerability Description

The Android mobile application BlueCats Reveal before 3.0.19 stores the username and password in a clear text file. This file persists until the user logs out or the session times out from non-usage (30 days of no user activity). This can allow an attacker to compromise the affected BlueCats network implementation. The attacker would first need to gain physical control of the Android device or compromise it with a malicious app.

Related Vulnerabilities

CVE-2019-5625

LOW
CVSS:2.8(Low)

The Android mobile application Halo Home before 1.11.0 stores OAuth authentication and refresh access tokens in a clear text file. This file persists until the user logs out of the application and reb...

CWE-9222019

CVE-2019-5627

LOW
CVSS:2.8(Low)

The iOS mobile application BlueCats Reveal before 5.14 stores the username and password in the app cache as base64 encoded strings, i.e. clear text. These persist in the cache even if the user logs ou...

CWE-9222019

CVE-2023-42823

LOW
CVSS:2.7(Low)

The issue was resolved by sanitizing logging This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ven...

CWE-9222023

CVE-2024-28808

LOW
CVSS:2.7(Low)

An issue was discovered in Infinera hiT 7300 5.60.50. Hidden functionality in the web interface allows a remote authenticated attacker to access reserved information by accessing undocumented web appl...

CWE-9222024

CVE-2019-19557

LOW
CVSS:2.4(Low)

A misconfiguration in the debug interface in Mercedes-Benz HERMES 1 allows an attacker with direct physical access to device hardware to obtain cellular modem information.

CWE-9222019

CVE-2019-19561

LOW
CVSS:2.4(Low)

A misconfiguration in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with direct physical access to device hardware to obtain cellular modem information.

CWE-9222019