CVE-2019-6024
MEDIUMRakuma App for Android < 7.15.0 and iOS < 7.16.4 - Insufficiently Protected Credentials via Malicious Application
Title source: llmDescription
Rakuma App for Android version 7.15.0 and earlier, and for iOS version 7.16.4 and earlier allows an attacker to bypass authentication and obtain the user's authentication information via a malicious application created by the third party.
References (3)
Core 3
Core References
Product x_refsource_misc
https://play.google.com/store/apps/details?id=jp.co.fablic.fril&hl=en
Product, Release Notes x_refsource_misc
https://apps.apple.com/jp/app/furimaapuri-furiru-fril-fasshon/id523497998
Third Party Advisory, VDB Entry x_refsource_misc
http://jvn.jp/en/jp/JVN41566067/index.html
Scores
CVSS v3
6.5
EPSS
0.0204
EPSS Percentile
78.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-522
Status
published
Products (2)
rakuten/rakuma
< 7.15.0
rakuten/rakuma
< 7.16.4
Published
Dec 26, 2019
Tracked Since
Feb 18, 2026