Local Information Disclosure in Envoy Passport for Android and iPhone
CVE-2018-17500

2.9LOW

Key Information:

Vendor: Envoy
Status: Envoy Passport For Iphone; Envoy Passport For Android
Vendor: CVE Published:; 21 March 2019

What is CVE-2018-17500?

The Envoy Passport applications for Android and iPhone contain a vulnerability that allows local attackers to access sensitive information due to hardcoded OAuth credentials stored in plaintext. This security flaw can be exploited by adversaries to retrieve confidential data, potentially leading to further breaches and unauthorized access to user accounts. Ensuring the proper management of sensitive information is critical to maintaining the security posture of these applications.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Envoy Passport for Android 2.4.0

Envoy Passport for iPhone 2.2.5

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/149660

vdb-entryx_refsource_XF

CVSS V3.1

Score:

2.9

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 21, 2019
Vulnerability Reserved
Sep 25, 2018

JSON

Envoy

What is CVE-2018-17500?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.