CVE-2020-6653 LOW

CVE-2020-6653: Sensitive date stored in logcat file

Vendor Eaton
Product Secure Connect Mobile App
Weakness CWE-200 · Info exposure
Published August 12, 2020
Last update September 17, 2024

CVSS base score

3.8/10
Attack vector Physical
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Eaton's Secure connect mobile app v1.7.3 & prior stores the user login credentials in logcat file when user create or register the account on the Mobile app. A malicious app or unauthorized user can harvest the information and later on can use the information to monitor and control the user's account and associated devices.

Key dates

02Disclosure timeline

August 12, 2020 CVE published
September 17, 2024 Record updated