Insecure Storage of Credentials in PowerSchool Mobile Application for Android

Insecure Storage of Credentials in PowerSchool Mobile Application for Android

CVE-2019-17396 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

In the PowerSchool Mobile application 1.1.8 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.

Learn more about our Cis Benchmark Audit For Google Android.