Vulnerabilities > CVE-2019-14808 - Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Renpho 3.0.0

047910
CVSS 4.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
high complexity
renpho
CWE-924

Summary

An issue was discovered in the RENPHO application 3.0.0 for iOS. It transmits JSON data unencrypted to a server without an integrity check, if a user changes personal data in his profile tab (e.g., exposure of his birthday) or logs into his account (i.e., exposure of credentials).

Vulnerable Configurations

Part Description Count
Application
Renpho
1

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/154772/renpho300-disclose.txt
idPACKETSTORM:154772
last seen2019-10-09
published2019-10-08
reporterTim Schughart
sourcehttps://packetstormsecurity.com/files/154772/RENPHO-3.0.0-Information-Disclosure.html
titleRENPHO 3.0.0 Information Disclosure