ID | CVE-2014-0647 |
Summary |
The Starbucks 2.6.1 application for iOS stores sensitive information in plaintext in the Crashlytics log file (/Library/Caches/com.crashlytics.data/com.starbucks.mystarbucks/session.clslog), which allows attackers to discover usernames, passwords, and e-mail addresses via an application that reads session.clslog. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 2.1 (as of 09-10-2018 - 19:42) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-255 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
LOCAL | LOW | NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL | NONE | NONE |
|
cvss-vector via4 | AV:L/AC:L/Au:N/C:P/I:N/A:N |
|
refmap via4 |
bid | 64942 |
bugtraq | 20140114 [CVE-2014-0647] Insecure Data Storage of User Data Elements in Starbucks v2.6.1 iOS mobile application |
fulldisc | - 20140113 [CVE-2014-0647] Insecure Data Storage of User Data Elements in Starbucks v2.6.1 iOS mobile application
- 20140117 Re: [CVE-2014-0647] Insecure Data Storage of User Data Elements in Starbucks v2.6.1 iOS mobile application |
misc | |
osvdb | 102514 |
xf | starbucks-cve20140647-info-disclosure(90412) |
|
Last major update |
09-10-2018 - 19:42 |
Published |
28-01-2014 - 00:55 |
Last modified |
09-10-2018 - 19:42 |