CVE-2013-0128 : The Contact Customer Support feature in the TigerText Free Private Texting app b

The Contact Customer Support feature in the TigerText Free Private Texting app before 3.1.402 for iOS sends a log-file e-mail message with unencrypted credentials, which allows remote attackers to obtain sensitive information by sniffing the network or leveraging access to an e-mail endpoint.

Published 2013-04-04 19:55:01

Updated 2013-04-05 04:00:00

Source CERT/CC

View at NVD, CVE.org

Products affected by CVE-2013-0128

Tigertext » Tigertext » For Iphone Os
Versions up to, including, (<=) 3.1
cpe:2.3:a:tigertext:tigertext:*:-:*:*:*:iphone_os:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2013-0128

EPSS FAQ

0.45%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 75 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2013-0128

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2013-0128

CWE-255

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-0128

http://www.kb.cert.org/vuls/id/704916

VU#704916 - The TigerText Free Consumer Private Texting App (iOS) sends unencrypted user information in support requests
US Government Resource

Jump to

Vulnerability Details : CVE-2013-0128

Products affected by CVE-2013-0128

Exploit prediction scoring system (EPSS) score for CVE-2013-0128

CVSS scores for CVE-2013-0128

CWE ids for CVE-2013-0128

References for CVE-2013-0128