Insecure Data Leakage in iOS App 2.23.0: Login and Token Exposure in Nextcloud Services

Insecure Data Leakage in iOS App 2.23.0: Login and Token Exposure in Nextcloud Services

CVE-2019-15611 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications.

Learn more about our Cis Benchmark Audit For Apple Ios.