CVE-2019-25605

EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing user account credentials.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://play.google.com/store/apps/details?id=com.yieldnotion.equitypandit
https://www.exploit-db.com/exploits/46933
https://www.vulncheck.com/advisories/equitypandit-insecure-logging-information-disclosure

Configurations

No configuration.

History

15 Apr 2026, 15:00

Type	Values Removed	Values Added
Summary		(es) EquityPandit 1.0 contiene una vulnerabilidad de registro inseguro que permite a los atacantes capturar credenciales de usuario sensibles al acceder a los registros de la consola de desarrollador a través de Android Debug Bridge. Los atacantes pueden usar adb logcat para extraer contraseñas en texto plano registradas durante la función de recuperación de contraseña, exponiendo las credenciales de la cuenta de usuario.

22 Mar 2026, 14:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-22 14:16

Updated : 2026-04-15 15:00

NVD link : CVE-2019-25605

Mitre link : CVE-2019-25605

CVE.ORG link : CVE-2019-25605

JSON object : View

Products Affected

No product.

CWE

CWE-612

Improper Authorization of Index Containing Sensitive Information

{"id": "CVE-2019-25605", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-22T14:16:28.260", "references": [{"url": "https://play.google.com/store/apps/details?id=com.yieldnotion.equitypandit", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/46933", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/equitypandit-insecure-logging-information-disclosure", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-612"}]}], "descriptions": [{"lang": "en", "value": "EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing user account credentials."}, {"lang": "es", "value": "EquityPandit 1.0 contiene una vulnerabilidad de registro inseguro que permite a los atacantes capturar credenciales de usuario sensibles al acceder a los registros de la consola de desarrollador a trav\u00e9s de Android Debug Bridge. Los atacantes pueden usar adb logcat para extraer contrase\u00f1as en texto plano registradas durante la funci\u00f3n de recuperaci\u00f3n de contrase\u00f1a, exponiendo las credenciales de la cuenta de usuario."}], "lastModified": "2026-04-15T15:00:32.790", "sourceIdentifier": "disclosure@vulncheck.com"}