In the Orbitz application 19.31.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.
References
Link | Resource |
---|---|
https://pastebin.com/GgpFz3ZW | Exploit Third Party Advisory |
Configurations
Information
Published : 2019-10-15 14:15
Updated : 2019-10-17 20:17
NVD link : CVE-2019-17355
Mitre link : CVE-2019-17355
JSON object : View
CWE
CWE-532
Insertion of Sensitive Information into Log File
Products Affected
orbitz
- orbitz