Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of hardcoded OAuth Creds in plaintext. An attacker could exploit this vulnerability to obtain sensitive information.
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Passport | Envoy | 2.2.5 (including) | 2.2.5 (including) |
Passport | Envoy | 2.4.0 (including) | 2.4.0 (including) |