CVE-2021-32612

Published: Jun 16, 2021Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows information theft and account takeover via network sniffing.

Affected (1)

Products: I Doo: Veryfitpro

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
I Doo Veryfitpro	Version 3.2.8

Related CWEs

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (8)

http://seclists.org/fulldisclosure/2021/Jun/45

Source: cve@mitre.org

ExploitMailing ListThird Party Advisory

https://play.google.com/store/apps/details?id=com.veryfit2hr.second&hl=en_US&gl=US

Source: cve@mitre.org

Product

https://trovent.github.io/security-advisories/TRSA-2105-01/TRSA-2105-01.txt

Source: cve@mitre.org

ExploitThird Party Advisory

https://trovent.io/security-advisory-2105-01

Source: cve@mitre.org

ExploitThird Party Advisory

http://seclists.org/fulldisclosure/2021/Jun/45

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

https://play.google.com/store/apps/details?id=com.veryfit2hr.second&hl=en_US&gl=US

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://trovent.github.io/security-advisories/TRSA-2105-01/TRSA-2105-01.txt

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://trovent.io/security-advisory-2105-01

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.