CVE-2014-0647 - Credentials Management vulnerability in Starbucks 2.6.1

CVSS 2.1 - LOW
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
Tags: local, low complexity, starbucks, apple, CWE-255

Summary

The Starbucks 2.6.1 application for iOS stores sensitive information in plaintext in the Crashlytics log file (/Library/Caches/com.crashlytics.data/com.starbucks.mystarbucks/session.clslog), which allows attackers to discover usernames, passwords, and e-mail addresses via an application that reads session.clslog.

Vulnerable Configurations

Part | Description | Count
Application | Starbucks | 1
OS | Apple | 1

Common Weakness Enumeration (CWE)

Packetstorm

data source: https://packetstormsecurity.com/files/download/124768/starbucks-disclose.txt
id: PACKETSTORM:124768
last seen: 2016-12-05
published: 2014-01-14
reporter: Daniel E. Wood
source: https://packetstormsecurity.com/files/124768/Starbucks-2.6.1-Information-Disclosure.html
title: Starbucks 2.6.1 Information Disclosure

The Hacker News

id: THN:57BD8DED9C126917CEFA239955EC78DC
last seen: 2018-01-27
modified: 2014-01-20
published: 2014-01-16
reporter: Sudhir K Bansal
source: https://thehackernews.com/2014/01/starbucks-ios-app-storing-user.html
title: Starbucks' iOS app storing user credentials in plain text