I-Doo: Security Vulnerabilities
The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows information theft and account takeover via network sniffing.
CVSS Score
8.1
EPSS Score
0.002
Published
2021-06-16