Cleartext HTTP Communication Vulnerability in VeryFitPro (com.veryfit2hr.second) Application 3.2.8 for Android

Cleartext HTTP Communication Vulnerability in VeryFitPro (com.veryfit2hr.second) Application 3.2.8 for Android

CVE-2021-32612 · HIGH Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows information theft and account takeover via network sniffing.

Learn more about our Cis Benchmark Audit For Google Android.