CVE-2019-25605

Sažetak

EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing user account credentials.

Reference

https://play.google.com/store/apps/details?id=com.yieldnotion.equitypandit
https://www.exploit-db.com/exploits/46933
https://www.vulncheck.com/advisories/equitypandit-insecure-logging-information-disclosure

CVSS

Base:	7.5
Impact:	3.6
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Zadnje važnije ažuriranje

22-03-2026 - 14:16

Objavljeno

22-03-2026 - 14:16