[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249461

 
 

909

 
 

195508

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-0647Date: (C)2014-01-28   (M)2023-12-22


The Starbucks 2.6.1 application for iOS stores sensitive information in plaintext in the Crashlytics log file (/Library/Caches/com.crashlytics.data/com.starbucks.mystarbucks/session.clslog), which allows attackers to discover usernames, passwords, and e-mail addresses via an application that reads session.clslog.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 2.1
Exploit Score: 3.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
OSVDB-102514
http://seclists.org/fulldisclosure/2014/Jan/64
http://www.securityfocus.com/archive/1/530756/100/0/threaded
http://seclists.org/fulldisclosure/2014/Jan/123
BID-64942
http://www.zdnet.com/starbucks-fixes-ios-app-bugs-7000025323/
http://www.zdnet.com/the-starbucks-bug-not-as-awful-as-reported-7000025269/
https://itunes.apple.com/us/app/starbucks/id331177714?mt=8
starbucks-cve20140647-info-disclosure(90412)

CPE    1
cpe:/a:starbucks:starbucks:2.6.1
CWE    1
CWE-255

© SecPod Technologies