Vulnerability CVE-2021-32612


Published: 2021-06-16

Description:
The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows information theft and account takeover via network sniffing.

See advisories in our WLB2 database:
Topic: VeryFitPro 3.2.8 Insecure Transit (Med.)
Author: Nick Decker
Date: 19.06.2021

Type: CWE-319 (Cleartext Transmission of Sensitive Information)

References:
https://trovent.io/security-advisory-2105-01
https://trovent.github.io/security-advisories/TRSA-2105-01/TRSA-2105-01.txt
https://play.google.com/store/apps/details?id=com.veryfit2hr.second&hl=en_US&gl=US

Copyright 2024, cxsecurity.com