The USAA application 3.0 for Android stores a mirror image of each visited web page, which might allow physically proximate attackers to obtain sensitive banking information by reading application data.
CVSS 2.0
Severity: LOW
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| usaa | usaa | 3.0 |
The USAA Mobile Banking application before 7.10.1 for Android displays the most recently-used screen before prompting the user for login, which might allow physically proximate users to obtain banking account numbers and balances.
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| usaa | mobile_banking | * |