CVE-2024-12094
Dec. 5, 2024, 1:15 p.m.
Tags
Product(s) Impacted
Tinxy mobile app
Description
This vulnerability exists in the Tinxy mobile app due to storage of logged-in user information in plaintext on the device database. An attacker with physical access to the rooted device could exploit this vulnerability by accessing its database leading to unauthorized access of user information such as username, email address and mobile number.
Weaknesses
CWE-312
Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
CWE ID: 312Date
Published: Dec. 5, 2024, 1:15 p.m.
Last Modified: Dec. 5, 2024, 1:15 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
vdisclose@cert-in.org.in
References
https://www.cert-in.org.in/
vdisclose@cert-in.org.in