Users’ product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 (and below) on Android Devices. This allows the attacker, with access to the android device, to potentially retrieve users' clear text authentication credentials.
References
Link | Resource |
---|---|
https://www.rapid7.com/blog/post/2024/01/03/genie-aladdin-connect-retrofit-garage-door-opener-multiple-vulnerabilities/ | Vendor Advisory |
Configurations
History
10 Jan 2024, 19:30
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.rapid7.com/blog/post/2024/01/03/genie-aladdin-connect-retrofit-garage-door-opener-multiple-vulnerabilities/ - Vendor Advisory | |
CPE | cpe:2.3:a:geniecompany:aladdin_connect:*:*:*:*:*:android:*:* | |
Summary |
|
|
First Time |
Geniecompany aladdin Connect
Geniecompany |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.8 |
03 Jan 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-03 20:15
Updated : 2024-01-10 19:30
NVD link : CVE-2023-5879
Mitre link : CVE-2023-5879
CVE.ORG link : CVE-2023-5879
JSON object : View
Products Affected
geniecompany
- aladdin_connect
CWE
CWE-922
Insecure Storage of Sensitive Information