Insecure Storage of Confidential Information in Zalora Android App (Version 6.15.1)

Insecure Storage of Confidential Information in Zalora Android App (Version 6.15.1)

CVE-2019-11384 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The Zalora application 6.15.1 for Android stores confidential information insecurely on the system (i.e. plain text), which allows a non-root user to find out the username/password of a valid user via /data/data/com.zalora.android/shared_prefs/login_data.xml.

Learn more about our Cis Benchmark Audit For Google Android.