Insecure Logging of Credentials in Orbitz Android App
CVE-2019-17355 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
In the Orbitz application 19.31.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.
Learn more about our Cis Benchmark Audit For Google Android.