CVE-2021-32612

The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows information theft and account takeover via network sniffing.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2021/Jun/45
https://play.google.com/store/apps/details?id=com.veryfit2hr.second&hl=en_US&gl=US
https://trovent.github.io/security-advisories/TRSA-2105-01/TRSA-2105-01.txt
https://trovent.io/security-advisory-2105-01
http://seclists.org/fulldisclosure/2021/Jun/45
https://play.google.com/store/apps/details?id=com.veryfit2hr.second&hl=en_US&gl=US
https://trovent.github.io/security-advisories/TRSA-2105-01/TRSA-2105-01.txt
https://trovent.io/security-advisory-2105-01