Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cleartext Storage in a File or on Disk in TimelyBills <= 1.7.0 for iOS and versions <= 1.21.115 for Android allows attacker who can locally read user's files obtain JWT tokens for user's account due to insufficient cache clearing mechanisms. A threat actor can obtain sensitive user data by decoding the tokens as JWT is signed and encoded, not encrypted.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
TimelyBills 安全漏洞
Vulnerability Description
TimelyBills是美国TimelyBills公司的一个手机应用APP。一个财务管理软件。 TimelyBills for iOS 1.7.0版本及之前版本和1.21.115版本及之前版本存在安全漏洞,该漏洞源于文件或磁盘上的明文存储,攻击者可利用该漏洞在本地读取用户文件时,获得用户帐户的JWT令牌。
CVSS Information
N/A
Vulnerability Type
N/A