Unencrypted Transmission of Personal Data in RENPHO iOS App

Unencrypted Transmission of Personal Data in RENPHO iOS App

CVE-2019-14808 · MEDIUM Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

An issue was discovered in the RENPHO application 3.0.0 for iOS. It transmits JSON data unencrypted to a server without an integrity check, if a user changes personal data in his profile tab (e.g., exposure of his birthday) or logs into his account (i.e., exposure of credentials).

Learn more about our Cis Benchmark Audit For Apple Ios.