The Last.fm desktop app (Last.fm Scrobbler) through 2.1.39 on macOS makes HTTP requests that include an API key without the use of SSL/TLS. Although there is an Enable SSL option, it is disabled by default, and cleartext requests are made as soon as the app starts.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-12-10T14:26:52
Updated: 2024-08-05T02:09:39.524Z
Reserved: 2019-11-25T00:00:00
Link: CVE-2019-19251
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-12-10T15:15:12.713
Modified: 2024-11-21T04:34:25.597
Link: CVE-2019-19251
Redhat
No data.