Vulnerabilities > CVE-2013-4873 - Credentials Management vulnerability in Yahoo Tumblr 3.4.0

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

yahoo

CWE-255

NVD

Published: 2013-07-18

Updated: 2024-11-21

Summary

The Yahoo! Tumblr app before 3.4.1 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.

Vulnerable Configurations

Part	Description	Count
Application	Yahoo Yahoo Tumblr 3.4.0	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://osvdb.org/95374
http://osvdb.org/95374
http://staff.tumblr.com/post/55648373578/important-security-update-for-iphone-ipad-users
http://staff.tumblr.com/post/55648373578/important-security-update-for-iphone-ipad-users
http://www.theregister.co.uk/2013/07/17/tumblr_ios_snafu_fixed/
http://www.theregister.co.uk/2013/07/17/tumblr_ios_snafu_fixed/
https://exchange.xforce.ibmcloud.com/vulnerabilities/85823
https://exchange.xforce.ibmcloud.com/vulnerabilities/85823
https://itunes.apple.com/us/app/tumblr/id305343404
https://itunes.apple.com/us/app/tumblr/id305343404