CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-8350

MEDIUM
6.6
CVSS Severity Score
EPSS Score0.1200%
EPSS Percentile34.00th
Published2019年5月13日
Last Modified2024年11月21日

Vulnerability Description

The Simple - Better Banking application 2.45.0 through 2.45.3 (fixed in 2.46.0) for Android was affected by an information disclosure vulnerability that leaked the user's password to the keyboard autocomplete functionality. Third-party Android keyboards that capture the password may store this password in cleartext, or transmit the password to third-party services for keyboard customization purposes. A compromise of any datastore that contains keyboard autocompletion caches would result in the disclosure of the user's Simple Bank password.

Affected Platforms (CPE)

📦
Simple

Better Banking

>= 2.45.0 and <= 2.45.3

References & Advisories

🔗 https://www.bishopfox.com/news/2019/02/simple-better-banking-android-v-2-45-0-2-45-3-sensitive-information-disclosure/
🔗 https://www.simple.com/policies/security
🔗 https://www.bishopfox.com/news/2019/02/simple-better-banking-android-v-2-45-0-2-45-3-sensitive-information-disclosure/
🔗 https://www.simple.com/policies/security

関連する脆弱性情報

CVE-2019-002210.0

Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full contro...

CVE-2019-420210.0

IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. An attacker with a specially crafted requ...

CVE-2019-002010.0

Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full contr...

CVE-2019-917410.0

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1....