This vulnerability exists in the Tinxy mobile app due to storage of logged-in user information in plaintext on the device database. An attacker with physical access to the rooted device could exploit this vulnerability by accessing its database leading to unauthorized access of user information such as username, email address and mobile number.
Metrics
Affected Vendors & Products
References
History
Thu, 05 Dec 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mogify Infotech
Mogify Infotech tinxy Mobile App |
|
CPEs | cpe:2.3:a:mogify_infotech:tinxy_mobile_app:*:*:*:*:*:*:*:* | |
Vendors & Products |
Mogify Infotech
Mogify Infotech tinxy Mobile App |
|
Metrics |
ssvc
|
Thu, 05 Dec 2024 12:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | This vulnerability exists in the Tinxy mobile app due to storage of logged-in user information in plaintext on the device database. An attacker with physical access to the rooted device could exploit this vulnerability by accessing its database leading to unauthorized access of user information such as username, email address and mobile number. | |
Title | Information Disclosure Vulnerability in Tinxy | |
Weaknesses | CWE-312 | |
References |
| |
Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: CERT-In
Published: 2024-12-05T12:27:41.540Z
Updated: 2024-12-05T17:08:43.062Z
Reserved: 2024-12-03T11:39:35.089Z
Link: CVE-2024-12094
Vulnrichment
Updated: 2024-12-05T17:08:34.788Z
NVD
Status : Received
Published: 2024-12-05T13:15:05.923
Modified: 2024-12-05T13:15:05.923
Link: CVE-2024-12094
Redhat
No data.