Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of unencrypted data in logs. An attacker could exploit this vulnerability to obtain two API keys, a token and other sensitive information.
CVSS 2.0
Severity: LOW
Problem Type: CWE-312,CWE-532,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| envoy | passport | 2.2.5 |
| envoy | passport | 2.4.0 |
Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of hardcoded OAuth Creds in plaintext. An attacker could exploit this vulnerability to obtain sensitive information.
CVSS 2.0
Severity: LOW
Problem Type: CWE-522,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| envoy | passport | 2.2.5 |
| envoy | passport | 2.4.0 |