CVE-2022-37857
HIGHhauk 1.6.1 - Cleartext Storage of Sensitive Information
Title source: llmDescription
bilde2910 Hauk v1.6.1 requires a hardcoded password which by default is blank. This hardcoded password is hashed but stored within the config.php file server-side as well as in clear-text on the android client device by default.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://gainsec.com/2022/08/07/cve-2022-hardcoded-creds-weak-password-hauk-android-location-sharing/
Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/bilde2910/Hauk/issues/187
Scores
CVSS v3
7.5
EPSS
0.0037
EPSS Percentile
28.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-312
CWE-798
Status
published
Products (1)
hauk_project/hauk
1.6.1
Published
Sep 08, 2022
Tracked Since
Feb 18, 2026