CVE-2024-12094

MEDIUM Year: 2024
Weakness Type
CWE-312
View all →

Vulnerability Description

This vulnerability exists in the Tinxy mobile app due to storage of logged-in user information in plaintext on the device database. An attacker with physical access to the rooted device could exploit this vulnerability by accessing its database leading to unauthorized access of user information such as username, email address and mobile number. Note: To exploit this vulnerability, the device must be rooted/jailbroken.

Related Vulnerabilities

CVE-2024-36119

LOW
CVSS:1.8(Low)

Statamic is a, Laravel + Git powered CMS designed for building websites. In affected versions users registering via the `user:register_form` tag will have their password confirmation stored in plain t...

CWE-3122024

CVE-2021-36782

CRITICAL
CVSS:9.9(Critical)

A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API...

CWE-3122021

CVE-2001-1481

CRITICAL
CVSS:9.8(Critical)

Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges.

CWE-3122001

CVE-2008-0174

CRITICAL
CVSS:9.8(Critical)

GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal t...

CWE-3122008

CVE-2014-5433

CRITICAL
CVSS:9.8(Critical)

An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700B...

CWE-3122014

CVE-2018-18394

CRITICAL
CVSS:9.8(Critical)

Sensitive Information Stored in Clear Text in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.

CWE-3122018