CVE-2019-5627

The iOS mobile application BlueCats Reveal before 5.14 stores the username and password in the app cache as base64 encoded strings, i.e. clear text. These persist in the cache even if the user logs out. This can allow an attacker to compromise the affected BlueCats network implementation. The attacker would first need to gain physical control of the iOS device or compromise it with a malicious app.
Configurations

Configuration 1 (hide)

cpe:2.3:a:bluecats:bc_reveal:*:*:*:*:*:iphone_os:*:*

History

21 Nov 2024, 04:45

Type Values Removed Values Added
References () https://blog.rapid7.com/2019/05/21/investigating-the-plumbing-of-the-iot-ecosystem-r7-2018-65-r7-2019-07-fixed/ - Exploit, Third Party Advisory () https://blog.rapid7.com/2019/05/21/investigating-the-plumbing-of-the-iot-ecosystem-r7-2018-65-r7-2019-07-fixed/ - Exploit, Third Party Advisory
References () https://itunes.apple.com/us/app/bc-reveal/id852676494 - Product, Vendor Advisory () https://itunes.apple.com/us/app/bc-reveal/id852676494 - Product, Vendor Advisory

Information

Published : 2019-05-22 18:29

Updated : 2024-11-21 04:45


NVD link : CVE-2019-5627

Mitre link : CVE-2019-5627

CVE.ORG link : CVE-2019-5627


JSON object : View

Products Affected

bluecats

  • bc_reveal
CWE
CWE-922

Insecure Storage of Sensitive Information

CWE-522

Insufficiently Protected Credentials