CVE-2019-25605 PUBLISHED

EquityPandit 1.0 Insecure Logging Information Disclosure

Assigner: VulnCheck
Reserved: 22.03.2026 Published: 22.03.2026 Updated: 22.03.2026

EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing user account credentials.
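
A release-QA check for this class of bug, as an added example that is not part of the CVE record or the vendor's code: it parses a saved logcat capture in the standard "threadtime" layout and flags messages that carry credential-like fields, reporting only the value length. The tag names, sample lines and the list of key names are constructed assumptions, not data from EquityPandit.

```python
import re

# Android "threadtime" logcat layout: date time PID TID level tag: message
LOGCAT_LINE = re.compile(
    r"^(?P<date>\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2}\.\d{3})\s+"
    r"(?P<pid>\d+)\s+(?P<tid>\d+)\s+(?P<level>[VDIWEF])\s+"
    r"(?P<tag>[^:]*?)\s*:\s(?P<msg>.*)$"
)

# Assumed key names that suggest a credential; the value runs to the next
# delimiter. The lookbehind skips words such as "ForgotPassword" or "spin".
SECRET_FIELD = re.compile(
    r"(?i)(?<![A-Za-z])(?P<key>pass(?:word|wd)?|pwd|otp|pin|token|secret)"
    r"[\"']?\s*[=:]\s*[\"']?(?P<value>[^\"'&,;\s}]+)"
)

def scan_logcat(text):
    """Return one finding per credential-like field seen in logcat text."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = LOGCAT_LINE.match(raw)
        if not m:
            continue  # banners such as "--------- beginning of main"
        for hit in SECRET_FIELD.finditer(m["msg"]):
            findings.append({
                "line": lineno,
                "tag": m["tag"],
                "level": m["level"],
                "key": hit["key"].lower(),
                # Report the length only, so the report is not a second leak.
                "value_len": len(hit["value"]),
            })
    return findings

# Constructed sample capture (not taken from the affected app).
SAMPLE = """\
--------- beginning of main
03-22 10:15:01.120  4321  4321 I ExampleApp: ForgotPassword screen opened
03-22 10:15:07.482  4321  4390 D ExampleNet: response {"status":"ok","password":"Hunter2!x"}
03-22 10:15:07.490  4321  4390 D ExampleNet: request email=user@example.test&pwd=abc123
03-22 10:15:09.003  4321  4321 W ExampleApp: Password reset mail sent
"""

if __name__ == "__main__":
    for finding in scan_logcat(SAMPLE):
        print(finding)
```

Any finding in a release build's capture means the logging call should be removed or the field redacted before the message is written.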

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CVSS Score: 8.7

Product Status

Vendor Play
Product EquityPandit
Versions
  • Version 1.0 is affected

Credits

  • ManhNho finder

Problem Types

  • Improper Authorization of Index Containing Sensitive Information CWE