CVE-2019-13098

{"id": "CVE-2019-13098", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2019-07-22T16:15:15.737", "references": [{"url": "https://pastebin.com/a5VhaxYn", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://pastebin.com/raw/rVGbwSw0", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "The user password via the registration form of TronLink Wallet 2.2.0 is stored in the log when the class CreateWalletTwoActivity is called. Other authenticated users can read it in the log later. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 (Jelly Bean), the log data is not sandboxed per application; any application installed on the device has the capability to read data logged by other applications."}, {"lang": "es", "value": "La contrase\u00f1a de usuario por medio del formulario de registro de TronLink Wallet versi\u00f3n 2.2.0 es almacenada en el registro cuando se llama a la clase CreateWalletTwoActivity. Otros usuarios autenticados pueden leerlo en el registro m\u00e1s adelante. Los datos registrados pueden ser le\u00eddos utilizando Logcat en el dispositivo. Cuando se usan plataformas anteriores a Android versi\u00f3n 4.1 (Jelly Bean), los datos de registro no se encuentran en un sandbox por aplicaci\u00f3n; Cualquier aplicaci\u00f3n instalada en el dispositivo tiene la capacidad de leer datos registrados por otras aplicaciones."}], "lastModified": "2019-07-24T15:03:00.407", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tronlink:wallet:2.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F091AB37-D152-41C6-9588-C62217504E78"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9B6AA817-58DB-4915-9F7F-94AA7181AE5A", "versionEndExcluding": "4.1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}