SUSHIRO App for Android outputs sensitive information to the log file, which may result in an attacker obtaining a credential information from the log file. Affected products/versions are as follows: SUSHIRO Ver.4.0.31, Thailand SUSHIRO Ver.1.0.0, Hong Kong SUSHIRO Ver.3.0.2, Singapore SUSHIRO Ver.2.0.0, and Taiwan SUSHIRO Ver.2.0.1
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Hong_kong_sushiro | Akindo-sushiro | 3.0.3 (including) | 3.0.3 (including) |
| Singapore_sushiro | Akindo-sushiro | 2.0.3 (including) | 2.0.3 (including) |
| Sushiro | Akindo-sushiro | 4.0.31 (including) | 4.0.31 (including) |
| Taiwan_sushiro | Akindo-sushiro | 2.0.3 (including) | 2.0.3 (including) |
| Thailand_sushiro | Akindo-sushiro | 2.0.3 (including) | 2.0.3 (including) |
While logging all information may be helpful during development stages, it is important that logging levels be set appropriately before a product ships so that sensitive user data and system information are not accidentally exposed to potential attackers. Different log files may be produced and stored for: