An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. The app is missing the android:allowBackup="false" attribute in the manifest. This allows the user to backup the internal memory of the app to a PC. This gives the user access to the API token that is used to authenticate requests to the API.
Metrics
Affected Vendors & Products
References
History
Thu, 05 Sep 2024 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-284 |
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2023-11-03T00:00:00
Updated: 2024-09-05T15:03:54.184Z
Reserved: 2023-06-25T00:00:00
Link: CVE-2023-36620
Vulnrichment
Updated: 2024-08-02T16:52:54.055Z
NVD
Status : Modified
Published: 2023-11-03T04:15:21.023
Modified: 2024-09-05T15:35:09.477
Link: CVE-2023-36620
Redhat
No data.