CVE-2016-6548

CVE-2016-6548: Zizai Tech Nut mobile application makes requests using HTTP, which includes the users session token

Weakness CWE-200 · Info exposure

Published July 13, 2018

Last update August 6, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user's authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access the user's account.

Key dates

02Disclosure timeline

July 13, 2018 CVE published

August 6, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2016-6548 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

04Related CVE

CVE-2022-41734 IBM Maximo Asset Management information disclosure CVE-2022-41954 Temporary File Information Disclosure Vulnerability CVE-2023-50298 Apache Solr: Solr can expose ZooKeeper credentials via Streaming Expressions CVE-2023-41893 Account takeover via auth_callback login in Home Assistant Core CVE-2026-25219 Apache Airflow: Sensitive Azure Service Bus connection string (and possibly other providers) exposed to users with view access