CVE-2016-6538

Sažetak

The TrackR Bravo mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541.

Reference

http://www.securityfocus.com/bid/93874
https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/
https://www.kb.cert.org/vuls/id/617567
https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ

CVSS

Base:	3.3
Impact:	2.9
Exploitability:	6.5

Pristup

Vektor	Složenost	Autentikacija
ADJACENT_NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:A/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

09-10-2019 - 23:19

Objavljeno

06-07-2018 - 21:29