Insecure Logging of Credentials in DoorDash Android App

Insecure Logging of Credentials in DoorDash Android App

CVE-2019-17397 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

In the DoorDash application through 11.5.2 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.

Learn more about our Cis Benchmark Audit For Google Android.