Vulnerabilities > CVE-2014-0647 - Credentials Management vulnerability in Starbucks 2.6.1

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

starbucks

CWE-255

NVD

Published: 2014-01-28

Updated: 2024-11-21

Summary

The Starbucks 2.6.1 application for iOS stores sensitive information in plaintext in the Crashlytics log file (/Library/Caches/com.crashlytics.data/com.starbucks.mystarbucks/session.clslog), which allows attackers to discover usernames, passwords, and e-mail addresses via an application that reads session.clslog.

Vulnerable Configurations

Part	Description	Count
Application	Starbucks Starbucks Starbucks 2.6.1	1
OS	Apple Apple Iphone OS *	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Packetstorm

data source	https://packetstormsecurity.com/files/download/124768/starbucks-disclose.txt
id	PACKETSTORM:124768
last seen	2016-12-05
published	2014-01-14
reporter	Daniel E. Wood
source	https://packetstormsecurity.com/files/124768/Starbucks-2.6.1-Information-Disclosure.html
title	Starbucks 2.6.1 Information Disclosure

The Hacker News

id	THN:57BD8DED9C126917CEFA239955EC78DC
last seen	2018-01-27
modified	2014-01-20
published	2014-01-16
reporter	Sudhir K Bansal
source	https://thehackernews.com/2014/01/starbucks-ios-app-storing-user.html
title	Starbucks' iOS app storing user credentials in plain text

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Packetstorm

The Hacker News

References