CVE-2016-6538

HIGH Year: 2016
CVSS v3 Score
8.8
High
CVSS v2 Score
3.3
Low
Weakness Type
CWE-313
View all →

Vulnerability Description

The TrackR Bravo mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541.

Related Vulnerabilities

CVE-2024-20448

HIGH
CVSS:8.6(High)

A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco Data Center Network Manager (DCNM), could allow an attacker with access to a backup file to view sensitiv...

CWE-3132024

CVE-2016-6546

HIGH
CVSS:7.8(High)

The iTrack Easy mobile application stores the account password used to authenticate to the cloud API in base64-encoding in the cache.db file. The base64 encoding format is considered equivalent to cle...

CWE-3132016

CVE-2016-6547

HIGH
CVSS:7.8(High)

The Zizai Tech Nut mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file.

CWE-3132016

CVE-2024-6785

MEDIUM
CVSS:7.1(High)

The configuration file stores credentials in cleartext. An attacker with local access rights can read or modify the configuration file, potentially resulting in the service being abused due to sensiti...

CWE-3132024

CVE-2024-20448

HIGH
CVSS:8.6(High)

A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco Data Center Network Manager (DCNM), could allow an attacker with access to a backup file to view sensitiv...

CWE-3132024

CVE-2016-6546

HIGH
CVSS:7.8(High)

The iTrack Easy mobile application stores the account password used to authenticate to the cloud API in base64-encoding in the cache.db file. The base64 encoding format is considered equivalent to cle...

CWE-3132016