6.5

CVE-2019-13098

Exploit

EPSS 0.56%
Veröffentlicht 22.07.2019 16:15:15
Zuletzt bearbeitet 21.11.2024 04:24:10
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The user password via the registration form of TronLink Wallet 2.2.0 is stored in the log when the class CreateWalletTwoActivity is called. Other authenticated users can read it in the log later. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 (Jelly Bean), the log data is not sandboxed per application; any application installed on the device has the capability to read data logged by other applications.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tronlink ≫ Wallet Version2.2.0

Google ≫ Android Version < 4.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.56%	0.672

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://pastebin.com/a5VhaxYn

Third Party Advisory

Exploit

https://pastebin.com/raw/rVGbwSw0

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2019-13098

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-13098

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-13098

EUVD