CVE-2012-2630 : The Puella Magi Madoka Magica iP application 1.05 and earlier for Android places cleartext Twitter credentials in a log

The Puella Magi Madoka Magica iP application 1.05 and earlier for Android places cleartext Twitter credentials in a log file, which allows remote attackers to obtain sensitive information via a crafted application.

Published 2012-06-04 15:55:02

Updated 2012-06-06 04:00:00

Source JPCERT/CC

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2012-2630

Probability of exploitation activity in the next 30 days: 0.18%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 55 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2012-2630

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2012-2630

CWE-255

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-2630

http://jvn.jp/en/jp/JVN23328321/index.html

JVN#23328321: Puella Magi Madoka Magica iP for Android vulnerable to information disclosure
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000054

JVNDB-2012-000054 - JVN iPedia - 脆弱性対策情報データベース

Products affected by CVE-2012-2630

Bandainamcogames » Madomagi-ip Android » Version: 1.05
cpe:2.3:a:bandainamcogames:madomagi-ip_android:1.05:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2012-2630

Exploit prediction scoring system (EPSS) score for CVE-2012-2630

CVSS scores for CVE-2012-2630

CWE ids for CVE-2012-2630

References for CVE-2012-2630

Products affected by CVE-2012-2630