CVE-2023-5879

MEDIUM Year: 2023
CVSS v3 Score
6.8
Medium
Weakness Type
CWE-922
View all →

Vulnerability Description

Users’ product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 (and below) on Android Devices. This allows the attacker, with access to the android device, to potentially retrieve users' clear text authentication credentials.

Related Vulnerabilities

CVE-2017-6911

MEDIUM
CVSS:6.6(Medium)

USB Pratirodh is prone to sensitive information disclosure. It stores sensitive information such as username and password in simple usb.xml. An attacker with physical access to the system can modify t...

CWE-9222017

CVE-2018-13313

MEDIUM
CVSS:6.5(Medium)

In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password. This page, password.htm, contains JavaScript which is used to confirm the user kno...

CWE-9222018

CVE-2019-5632

MEDIUM
CVSS:6.5(Medium)

An insecure storage of sensitive information vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. The application's database was found to contain informatio...

CWE-9222019

CVE-2019-5633

MEDIUM
CVSS:6.5(Medium)

An insecure storage of sensitive information vulnerability is present in Hickory Smart for iOS mobile devices from Belwith Products, LLC. The application's database was found to contain information th...

CWE-9222019

CVE-2020-28911

MEDIUM
CVSS:6.5(Medium)

Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the test_server command in ajaxhelper.php.

CWE-9222020

CVE-2021-25406

MEDIUM
CVSS:6.5(Medium)

Information exposure vulnerability in Gear S Plugin prior to version 2.2.05.20122441 allows unstrusted applications to access connected BT device information.

CWE-9222021