CVE-2013-0128 - The Contact Customer Support feature in the TigerText Free Private Texting app before 3.1.402 for iO

CVE Details

CVE-2013-0128

Summary

The Contact Customer Support feature in the TigerText Free Private Texting app before 3.1.402 for iOS sends a log-file e-mail message with unencrypted credentials, which allows remote attackers to obtain sensitive information by sniffing the network or leveraging access to an e-mail endpoint.

References

http://www.kb.cert.org/vuls/id/704916

Vulnerable Configurations

cpe:2.3:a:tigertext:tigertext:3.1:-:*:*:*:iphone_os:*:*
cpe:2.3:a:tigertext:tigertext:3.1:-:*:*:*:iphone_os:*:*

CVSS

Base:	5.0 (as of 05-04-2013 - 04:00)
Impact:	2.9
Exploitability:	10.0

CWE

CWE-255

CAPEC

Click the CAPEC title to display a description

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

cert-vn

VU#704916

Last major update

05-04-2013 - 04:00

Published

04-04-2013 - 19:55

Last modified

05-04-2013 - 04:00