Vulnerability Details CVE-2019-14808
An issue was discovered in the RENPHO application 3.0.0 for iOS. It transmits JSON data unencrypted to a server without an integrity check, if a user changes personal data in his profile tab (e.g., exposure of his birthday) or logs into his account (i.e., exposure of credentials).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.3%
CVSS Severity
CVSS v3 Score 6.8
CVSS v2 Score 4.0
References
- http://packetstormsecurity.com/files/154772/RENPHO-3.0.0-Information-Disclosure.html
- https://apps.apple.com/us/app/renpho/id1219889310
- https://renpho.com/pages/contact-us
- http://packetstormsecurity.com/files/154772/RENPHO-3.0.0-Information-Disclosure.html
- https://apps.apple.com/us/app/renpho/id1219889310
- https://renpho.com/pages/contact-us