RSS   Vulnerabilities for 'Last.fm desktop'   RSS

2019-12-10
 
CVE-2019-19251

CWE-20
 

 
The Last.fm desktop app (Last.fm Scrobbler) through 2.1.39 on macOS makes HTTP requests that include an API key without the use of SSL/TLS. Although there is an Enable SSL option, it is disabled by default, and cleartext requests are made as soon as the app starts.

 


Copyright 2024, cxsecurity.com

 

Back to Top