go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

udn News App - Insecure Data Storage

TVN ID TVN-202406018
CVE ID CVE-2024-6295
CVSS 3.9 (Low)
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Affected Products udn News App berfore version 4.20.1.
Description udn News Android APP stores the unencrypted user session in the local database when user log into the application. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it to log into the news APP and other services provided by udn.
Solution Updated to version 4.20.1 or later.
Credit CHING-YEN, TSENG
Public Date 2024-06-25
Top