Information Disclosure in Tumblr iOS App from Yahoo!
CVE-2013-4873

Currently unrated

Key Information:

Vendor: Yahoo
Status: Tumblr
Vendor: CVE Published:; 18 July 2013

What is CVE-2013-4873?

The Tumblr app for iOS, prior to version 3.4.1, transmits user credentials in cleartext over the network. This design flaw may lead to unauthorized access as attackers can intercept sensitive information by monitoring network traffic. Users of the application are strongly encouraged to update to the latest version to ensure that their credentials are secured and to mitigate the risk of potential data breaches.

References

http://osvdb.org/95374

vdb-entryx_refsource_OSVDB

http://staff.tumblr.com/post/55648373578/important-securi...

x_refsource_CONFIRM

https://itunes.apple.com/us/app/tumblr/id305343404

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 18, 2013
Vulnerability Reserved
Jul 18, 2013

CVE-2013-4873 Data

JSON