Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by i-doo
CVE-2021-32612 (GCVE-0-2021-32612)
Vulnerability from cvelistv5 – Published: 2021-06-16 11:53 – Updated: 2024-08-03 23:25
VLAI
EPSS
VEX
Summary
The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows information theft and account takeover via network sniffing.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://trovent.io/security-advisory-2105-01 | x_refsource_MISC |
| https://trovent.github.io/security-advisories/TRS… | x_refsource_MISC |
| https://play.google.com/store/apps/details?id=com… | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2021/Jun/45 | mailing-listx_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:30.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trovent.io/security-advisory-2105-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trovent.github.io/security-advisories/TRSA-2105-01/TRSA-2105-01.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=com.veryfit2hr.second\u0026hl=en_US\u0026gl=US"
},
{
"name": "20210618 Trovent Security Advisory 2105-01 / CVE-2021-32612: VeryFitPro unencrypted cleartext transmission of sensitive information",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Jun/45"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows information theft and account takeover via network sniffing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-18T17:06:10.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trovent.io/security-advisory-2105-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trovent.github.io/security-advisories/TRSA-2105-01/TRSA-2105-01.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://play.google.com/store/apps/details?id=com.veryfit2hr.second\u0026hl=en_US\u0026gl=US"
},
{
"name": "20210618 Trovent Security Advisory 2105-01 / CVE-2021-32612: VeryFitPro unencrypted cleartext transmission of sensitive information",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Jun/45"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-32612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows information theft and account takeover via network sniffing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://trovent.io/security-advisory-2105-01",
"refsource": "MISC",
"url": "https://trovent.io/security-advisory-2105-01"
},
{
"name": "https://trovent.github.io/security-advisories/TRSA-2105-01/TRSA-2105-01.txt",
"refsource": "MISC",
"url": "https://trovent.github.io/security-advisories/TRSA-2105-01/TRSA-2105-01.txt"
},
{
"name": "https://play.google.com/store/apps/details?id=com.veryfit2hr.second\u0026hl=en_US\u0026gl=US",
"refsource": "MISC",
"url": "https://play.google.com/store/apps/details?id=com.veryfit2hr.second\u0026hl=en_US\u0026gl=US"
},
{
"name": "20210618 Trovent Security Advisory 2105-01 / CVE-2021-32612: VeryFitPro unencrypted cleartext transmission of sensitive information",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Jun/45"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-32612",
"datePublished": "2021-06-16T11:53:54.000Z",
"dateReserved": "2021-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:25:30.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32612 (GCVE-0-2021-32612)
Vulnerability from nvd – Published: 2021-06-16 11:53 – Updated: 2024-08-03 23:25
VLAI
EPSS
VEX
Summary
The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows information theft and account takeover via network sniffing.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://trovent.io/security-advisory-2105-01 | x_refsource_MISC |
| https://trovent.github.io/security-advisories/TRS… | x_refsource_MISC |
| https://play.google.com/store/apps/details?id=com… | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2021/Jun/45 | mailing-listx_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:30.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trovent.io/security-advisory-2105-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trovent.github.io/security-advisories/TRSA-2105-01/TRSA-2105-01.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=com.veryfit2hr.second\u0026hl=en_US\u0026gl=US"
},
{
"name": "20210618 Trovent Security Advisory 2105-01 / CVE-2021-32612: VeryFitPro unencrypted cleartext transmission of sensitive information",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Jun/45"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows information theft and account takeover via network sniffing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-18T17:06:10.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trovent.io/security-advisory-2105-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trovent.github.io/security-advisories/TRSA-2105-01/TRSA-2105-01.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://play.google.com/store/apps/details?id=com.veryfit2hr.second\u0026hl=en_US\u0026gl=US"
},
{
"name": "20210618 Trovent Security Advisory 2105-01 / CVE-2021-32612: VeryFitPro unencrypted cleartext transmission of sensitive information",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Jun/45"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-32612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows information theft and account takeover via network sniffing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://trovent.io/security-advisory-2105-01",
"refsource": "MISC",
"url": "https://trovent.io/security-advisory-2105-01"
},
{
"name": "https://trovent.github.io/security-advisories/TRSA-2105-01/TRSA-2105-01.txt",
"refsource": "MISC",
"url": "https://trovent.github.io/security-advisories/TRSA-2105-01/TRSA-2105-01.txt"
},
{
"name": "https://play.google.com/store/apps/details?id=com.veryfit2hr.second\u0026hl=en_US\u0026gl=US",
"refsource": "MISC",
"url": "https://play.google.com/store/apps/details?id=com.veryfit2hr.second\u0026hl=en_US\u0026gl=US"
},
{
"name": "20210618 Trovent Security Advisory 2105-01 / CVE-2021-32612: VeryFitPro unencrypted cleartext transmission of sensitive information",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Jun/45"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-32612",
"datePublished": "2021-06-16T11:53:54.000Z",
"dateReserved": "2021-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:25:30.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}