CVE-2019-25605
HIGH
8.7
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
HIGH
7.5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
Description
EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing user account credentials.
CWE-612
Improper Authorization of Index Containing Sensitive Information
Draft
Common Consequences
Security Scopes Affected:
Confidentiality
Potential Impacts:
Read Application Data
Applicable Platforms
Technologies:
Not Technology-Specific, Web Based, Web Server
https://play.google.com/store/apps/details?id=com.yieldnotion.equitypandit
https://www.exploit-db.com/exploits/46933
https://www.vulncheck.com/advisories/equitypandit-insecure-logging-information-…