CVE-2021-32612
HIGHVeryFitPro 3.2.8 - Cleartext Transmission of Sensitive Information via HTTP
Title source: llmDescription
The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows information theft and account takeover via network sniffing.
References (4)
Core 4
Core References
Exploit, Third Party Advisory x_refsource_misc
https://trovent.io/security-advisory-2105-01
Exploit, Third Party Advisory x_refsource_misc
https://trovent.github.io/security-advisories/TRSA-2105-01/TRSA-2105-01.txt
Product x_refsource_misc
https://play.google.com/store/apps/details?id=com.veryfit2hr.second&hl=en_US&gl=US
Exploit, Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2021/Jun/45
Scores
CVSS v3
8.1
EPSS
0.0109
EPSS Percentile
61.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-319
Status
published
Products (1)
i-doo/veryfitpro
3.2.8
Published
Jun 16, 2021
Tracked Since
Feb 18, 2026