CVE-2019-6024

Published: Dec 26, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Rakuma App for Android version 7.15.0 and earlier, and for iOS version 7.16.4 and earlier allows an attacker to bypass authentication and obtain the user's authentication information via a malicious application created by the third party.

Affected (2)

Products: Rakuten: Rakuma

Rakuten

1 product

Rakuma

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Rakuten Rakuma	Up to 7.15.0
Rakuten Rakuma	Up to 7.16.4

Related CWEs

CWE-522

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (6)

http://jvn.jp/en/jp/JVN41566067/index.html

Source: vultures@jpcert.or.jp

Third Party AdvisoryVDB Entry

https://apps.apple.com/jp/app/furimaapuri-furiru-fril-fasshon/id523497998

Source: vultures@jpcert.or.jp

ProductRelease Notes

https://play.google.com/store/apps/details?id=jp.co.fablic.fril&hl=en

Source: vultures@jpcert.or.jp

Product

http://jvn.jp/en/jp/JVN41566067/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://apps.apple.com/jp/app/furimaapuri-furiru-fril-fasshon/id523497998

Source: af854a3a-2127-422b-91ae-364da2661108

ProductRelease Notes

https://play.google.com/store/apps/details?id=jp.co.fablic.fril&hl=en

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.