mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-28 18:48:49 +00:00
867 B
867 B
CVE-2021-32612
Description
The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows information theft and account takeover via network sniffing.
POC
Reference
- http://seclists.org/fulldisclosure/2021/Jun/45
- https://trovent.github.io/security-advisories/TRSA-2105-01/TRSA-2105-01.txt
- https://trovent.io/security-advisory-2105-01
Github
No PoCs found on GitHub currently.