Insecure Logging of Credentials in Orbitz Android App

Insecure Logging of Credentials in Orbitz Android App

CVE-2019-17355 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

In the Orbitz application 19.31.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.

Learn more about our Cis Benchmark Audit For Google Android.