8.8
CVE-2016-6538
- EPSS 1.06%
- Published 06.07.2018 21:29:00
- Last modified 21.11.2024 02:56:18
- Source cret@cert.org
TrackR Bravo mobile application stores account passwords in cleartext
The TrackR Bravo mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541.
Data provided by the National Vulnerability Database (NVD)
Thetrackr ≫ Trackr Bravo Firmware, SwPlatform android, Version < 2.2.5
Thetrackr ≫ Trackr Bravo Firmware, SwPlatform iphone_os, Version < 5.1.6
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.06% | 0.6 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd@nist.gov | 3.3 | 6.5 | 2.9 | AV:A/AC:L/Au:N/C:P/I:N/A:N |
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-313 Cleartext Storage in a File or on Disk
The product stores sensitive information in cleartext in a file, or on disk.
http://www.securityfocus.com/bid/93874
https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/
https://www.kb.cert.org/vuls/id/617567
https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ