ID CVE-2019-14808
Summary An issue was discovered in the RENPHO application 3.0.0 for iOS. It transmits JSON data unencrypted to a server without an integrity check, if a user changes personal data in his profile tab (e.g., exposure of his birthday) or logs into his account (i.e., exposure of credentials).
References
Vulnerable Configurations
  • cpe:2.3:a:renpho:renpho:3.0.0:*:*:*:*:iphone_os:*:*
    cpe:2.3:a:renpho:renpho:3.0.0:*:*:*:*:iphone_os:*:*
CVSS
Base: 4.0 (as of 18-10-2019 - 12:59)
Impact:
Exploitability:
CWE CWE-924
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:N
Last major update 18-10-2019 - 12:59
Published 09-10-2019 - 16:15
Back to Top