Vulnerability Note VU#439016
TaxiHail Android mobile app contains multiple vulnerabilities
Overview
Mobile Knowledge's TaxiHail is vulnerable to information disclosure and missing encryption of sensitive data.
Description
The Mobile Knowledge TaxiHail framework "allows passengers to book and manage their own reservations via iOS, android or the web in real-time, alleviating call congestion during peak busy hours." TaxiHail prior to version 3.1.26 has been reported vulnerable to the following issues:
Impact
An unauthenticated remote attacker may be able to gain private knowledge of the app user and sniff network traffic from the app.
Solution
Apply an update
Vendor Information
Vendor | Status | Date Notified | Date Updated |
---|---|---|---|
Mobile Knowledge | Affected | - | 08 Dec 2015 |
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | 7.5 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Temporal | 5.9 | E:POC/RL:OF/RC:C |
Environmental | 4.4 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
Credit
Thanks to the Shaftek Security Research Team for reporting this vulnerability.
This document was written by Garret Wassermann.
Other Information
- CVE IDs: Unknown
- Date Public: 08 Dec 2015
- Date First Published: 08 Dec 2015
- Date Last Updated: 08 Dec 2015
- Document Revision: 19