Logging of Excessive Data

CVE-2021-25420

Medium

5.5/10

Summary

Improper log management vulnerability in Galaxy Watch PlugIn prior to version 2.2.05.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-779 - Logging of Excessive Data

The software logs too much information, making log files hard to process and possibly hindering recovery efforts or forensic analysis after an attack.

References

Advisory Timeline

Published Jun 11, 2021

Logging of Excessive Data

CVE-2021-25420

Summary

CWE-779 - Logging of Excessive Data

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS