CVE-2019-17398

CRITICAL

Dark Horse Comics 1.3.21 - Sensitive Information Exposure in Log Files

Title source: llm
STIX 2.1

Description

In the Dark Horse Comics application 1.3.21 for Android, token information (equivalent to the username and password) is stored in the log during authentication, and may be available to attackers via logcat.

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://pastebin.com/5ZDDCqgL

Scores

CVSS v3 9.8
EPSS 0.0130
EPSS Percentile 66.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-532
Status published
Products (1)
darkhorse/dark_horse_comics 1.3.21
Published Oct 15, 2019
Tracked Since Feb 18, 2026