udn News Android APP stores the unencrypted user session in the local database when user log into the application. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. No vendor patch available.
udn News Android APP stores the user session in logcat file when user log into the APP. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. No vendor patch available.
Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker which has compromised an expired key to forge requests as the remote server, as well as PDUs with. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.