Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account's password locally on the device and uses the hash to authenticate in all communication with the backend API, including login, registration and changing of passwords. This allows an attacker in possession of a hash to takeover a user's account, rendering the benefits of storing hashed passwords in the database useless.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
VeryFitPro 授权问题漏洞
Vulnerability Description
VeryFitPro是中国深圳市爱都科技有限公司的一款功能强大的健康管理软件,需要搭配同品牌智能手环使用,使用app用户可以实时查看行走步数、消耗卡里路、睡眠质量等信息。 VeryFitPro 3.2.8 存在安全漏洞,该漏洞源于应用在设备本地对帐户密码进行哈希处理,并在与后端 API 的所有通信中使用哈希进行身份验证,包括登录、注册和更改密码。拥有散列的攻击者利用该漏洞可以接管用户的账户。
CVSS Information
N/A
Vulnerability Type
N/A