Cleartext HTTP Communication Vulnerability in VeryFitPro (com.veryfit2hr.second) Application 3.2.8 for Android
CVE-2021-32612 · HIGH Severity
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows information theft and account takeover via network sniffing.
Learn more about our Cis Benchmark Audit For Google Android.