Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
udn News App - Insecure Data Storage
Vulnerability Description
udn News Android APP stores the unencrypted user session in the local database when user log into the application. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it to log into the news APP and other services provided by udn.
CVSS Information
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
敏感信息的不安全存储
Vulnerability Title
udn News 安全漏洞
Vulnerability Description
udn News是中国联合新闻(udn)公司的一个新闻应用程序。 udn News 4.20.1之前版本存在安全漏洞,该漏洞源于在用户登录应用程序时将未加密的用户会话存储在本地数据库中,恶意攻击者可以检索此会话并使用它来登录软件。
CVSS Information
N/A
Vulnerability Type
N/A