The iOS mobile application BlueCats Reveal before 5.14 stores the username and password in the app cache as base64 encoded strings, i.e. clear text. These persist in the cache even if the user logs out. This can allow an attacker to compromise the affected BlueCats network implementation. The attacker would first need to gain physical control of the iOS device or compromise it with a malicious app.
References
Link | Resource |
---|---|
https://blog.rapid7.com/2019/05/21/investigating-the-plumbing-of-the-iot-ecosystem-r7-2018-65-r7-2019-07-fixed/ | Exploit Third Party Advisory |
https://itunes.apple.com/us/app/bc-reveal/id852676494 | Product Vendor Advisory |
https://blog.rapid7.com/2019/05/21/investigating-the-plumbing-of-the-iot-ecosystem-r7-2018-65-r7-2019-07-fixed/ | Exploit Third Party Advisory |
https://itunes.apple.com/us/app/bc-reveal/id852676494 | Product Vendor Advisory |
Configurations
History
21 Nov 2024, 04:45
Type | Values Removed | Values Added |
---|---|---|
References | () https://blog.rapid7.com/2019/05/21/investigating-the-plumbing-of-the-iot-ecosystem-r7-2018-65-r7-2019-07-fixed/ - Exploit, Third Party Advisory | |
References | () https://itunes.apple.com/us/app/bc-reveal/id852676494 - Product, Vendor Advisory |
Information
Published : 2019-05-22 18:29
Updated : 2024-11-21 04:45
NVD link : CVE-2019-5627
Mitre link : CVE-2019-5627
CVE.ORG link : CVE-2019-5627
JSON object : View
Products Affected
bluecats
- bc_reveal