Discover the security flaw in the Orbitz Android app version 19.31.1 where user credentials are exposed in logs, enabling attackers to potentially access sensitive information. Learn how to mitigate this risk.
In the Orbitz Android app version 19.31.1, the username and password used for authentication are stored in the log, potentially accessible to attackers via logcat.
Understanding CVE-2019-17355
This CVE identifies a security issue in the Orbitz Android app version 19.31.1 that exposes user credentials in log information.
What is CVE-2019-17355?
The vulnerability in the Orbitz Android app version 19.31.1 allows attackers to potentially access user credentials that the app writes to the log, which can be read via logcat.
The Impact of CVE-2019-17355
The exposure of sensitive information like usernames and passwords can lead to unauthorized access to user accounts and compromise personal data.
Technical Details of CVE-2019-17355
This section provides more technical insights into the vulnerability.
Vulnerability Description
The Orbitz Android app version 19.31.1 stores the authentication credentials (username and password) in plain text in its log output.
Affected Systems and Versions
Exploitation Mechanism
Attackers can exploit this vulnerability by accessing the logcat information on the device where the Orbitz app is installed, potentially retrieving user credentials.
Mitigation and Prevention
Protecting against this vulnerability requires immediate actions and long-term security practices.
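A check that a developer or tester can run over a captured log to confirm a build does not write credentials to logcat, added here as an example (it is not Orbitz's code and not part of the original advisory). The log lines, tag names and key names are constructed assumptions, since the advisory does not show the actual log format.

```python
import re

# logcat "threadtime" layout: MM-DD HH:MM:SS.mmm  PID  TID LEVEL TAG: message
LINE_RE = re.compile(
    r"^\d\d-\d\d [\d:.]+\s+\d+\s+\d+ (?P<level>[VDIWEF]) (?P<tag>[^:]*?)\s*: (?P<msg>.*)$"
)
# A credential-like key followed by a value (key=value, key: value or JSON form).
# A bare mention such as "password field cleared" has no value and is not matched.
SECRET_RE = re.compile(
    r"""["']?\b(?P<key>user(?:name)?|pass(?:word|wd)?|pwd)\b["']?\s*[=:]\s*"""
    r"""(?P<val>"[^"]*"|'[^']*'|[^\s&,;}]+)""",
    re.IGNORECASE,
)

def _mask(match):
    # Keep the key and separator, drop the value, so the report leaks nothing.
    return match.group(0)[: match.start("val") - match.start()] + "<redacted>"

def scan_logcat(text):
    """Return one finding per log line that carries a credential-like value."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        parsed = LINE_RE.match(line)
        if not parsed:
            continue  # buffer separators and wrapped continuation lines
        msg = parsed.group("msg")
        keys = sorted({m.group("key").lower() for m in SECRET_RE.finditer(msg)})
        if keys:
            findings.append({
                "line": lineno,
                "level": parsed.group("level"),
                "tag": parsed.group("tag"),
                "keys": keys,
                "message": SECRET_RE.sub(_mask, msg),
            })
    return findings

# Constructed sample (hypothetical tags and values, not captured from the Orbitz app).
SAMPLE = """\
--------- beginning of main
10-08 14:02:10.101  4321  4321 I ExampleLogin: sign-in screen shown
10-08 14:02:11.245  4321  4388 D ExampleHttp: POST /login body={"username":"alice@example.test","password":"example-Passw0rd!"}
10-08 14:02:11.977  4321  4388 D ExampleHttp: response code=200
10-08 14:02:12.003  4321  4321 W ExampleLogin: password field cleared
"""

if __name__ == "__main__":
    for finding in scan_logcat(SAMPLE):
        print(finding)
```

A non-empty result from a test run that exercises the sign-in flow means the build still logs credentials; the reported message has the values masked so the scan output can be shared in a bug report.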
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates