Vulnerability Description
The Starbucks 2.6.1 application for iOS stores sensitive information in plaintext in the Crashlytics log file (/Library/Caches/com.crashlytics.data/com.starbucks.mystarbucks/session.clslog), which allows attackers to discover usernames, passwords, and e-mail addresses via an application that reads session.clslog.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Starbucks | Starbucks | 2.6.1 |
| Apple | iPhone OS | All versions |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2014/Jan/123
- http://seclists.org/fulldisclosure/2014/Jan/64
- http://www.osvdb.org/102514
- http://www.securityfocus.com/archive/1/530756/100/0/threaded
- http://www.securityfocus.com/bid/64942
- http://www.zdnet.com/starbucks-fixes-ios-app-bugs-7000025323/
- http://www.zdnet.com/the-starbucks-bug-not-as-awful-as-reported-7000025269/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90412
- https://itunes.apple.com/us/app/starbucks/id331177714?mt=8
FAQ
What is CVE-2014-0647?
CVE-2014-0647 is a vulnerability with a CVSS score of 2.1 (LOW). The Starbucks 2.6.1 application for iOS stores sensitive information in plaintext in the Crashlytics log file (/Library/Caches/com.crashlytics.data/com.starbucks.mystarbucks/session.clslog), which all...
How severe is CVE-2014-0647?
CVE-2014-0647 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-0647?
Check the references section above for vendor advisories and patch information. Affected products include: Starbucks Starbucks, Apple iPhone OS.