6.5

CVE-2019-13098

Exploit

EPSS 1.34%
Veröffentlicht 22.07.2019 16:15:15
Zuletzt bearbeitet 21.11.2024 04:24:10
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The user password via the registration form of TronLink Wallet 2.2.0 is stored in the log when the class CreateWalletTwoActivity is called. Other authenticated users can read it in the log later. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 (Jelly Bean), the log data is not sandboxed per application; any application installed on the device has the capability to read data logged by other applications.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tronlink ≫ Wallet Version2.2.0

Google ≫ Android Version < 4.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.34%	0.676

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://pastebin.com/a5VhaxYn

Third Party Advisory

Exploit

https://pastebin.com/raw/rVGbwSw0

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2019-13098

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-13098

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-13098

EUVD