CVE-2019-8350

MEDIUM

Simple Better Banking < 2.45.3 - Insufficiently Protected Credentials

Title source: rule

Description

The Simple - Better Banking application 2.45.0 through 2.45.3 (fixed in 2.46.0) for Android was affected by an information disclosure vulnerability that leaked the user's password to the keyboard autocomplete functionality. Third-party Android keyboards that capture the password may store this password in cleartext, or transmit the password to third-party services for keyboard customization purposes. A compromise of any datastore that contains keyboard autocompletion caches would result in the disclosure of the user's Simple Bank password.

References (2)

[Third Party Advisory] https://www.bishopfox.com/news/2019/02/simple-better-banking-android-v-2-45-0-2-45-3-sensitive-information-disclosure/

[Vendor Advisory] https://www.simple.com/policies/security

Scores

CVSS v3 6.6

EPSS 0.0005

EPSS Percentile 16.2%

Attack Vector PHYSICAL

CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-522

Status published

Affected Products (1)

simple/better_banking < 2.45.3

Timeline

Published May 13, 2019

Tracked Since Feb 18, 2026