CVE-2019-14808 - An issue was discovered in the RENPHO application 3.0.0 for iOS. It transmits JSON data unencrypted

CVE-2019-14808

Summary

An issue was discovered in the RENPHO application 3.0.0 for iOS. It transmits JSON data unencrypted to a server without an integrity check, if a user changes personal data in his profile tab (e.g., exposure of his birthday) or logs into his account (i.e., exposure of credentials).

References

https://renpho.com/pages/contact-us
http://packetstormsecurity.com/files/154772/RENPHO-3.0.0-Information-Disclosure.html
https://apps.apple.com/us/app/renpho/id1219889310

Vulnerable Configurations

cpe:2.3:a:renpho:renpho:3.0.0:*:*:*:*:iphone_os:*:*
cpe:2.3:a:renpho:renpho:3.0.0:*:*:*:*:iphone_os:*:*

CVSS

Base:	4.0 (as of 21-07-2021 - 11:39)
Impact:
Exploitability:

CWE

CWE-924

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:N/AC:H/Au:N/C:P/I:P/A:N

refmap via4

misc

http://packetstormsecurity.com/files/154772/RENPHO-3.0.0-Information-Disclosure.html
https://apps.apple.com/us/app/renpho/id1219889310
https://renpho.com/pages/contact-us

Last major update

21-07-2021 - 11:39

Published

09-10-2019 - 16:15

Last modified

21-07-2021 - 11:39