high advisory

EquityPandit 1.0 Insecure Logging Vulnerability (CVE-2019-25605)

EquityPandit 1.0 contains an insecure logging vulnerability (CVE-2019-25605) that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge, specifically exposing plaintext passwords during the forgot password function.

EquityPandit 1.0, an Android application, is vulnerable to insecure logging practices. Specifically, the application logs sensitive user credentials, including plaintext passwords, within the developer console logs. This vulnerability, identified as CVE-2019-25605, allows an attacker with access to the device or ADB (Android Debug Bridge) to extract these credentials. The vulnerability was reported in 2019, but publicly disclosed details and exploits surfaced more recently. Successful…
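As an added example (not part of the advisory and not EquityPandit's code), a pre-release check that scans captured `adb logcat` text for password-like values and masks them. The sample lines, tags and values are constructed, and the key patterns are assumptions, since the advisory does not show the app's actual log format.

```python
import re

# Default `adb logcat` "threadtime" layout: date time PID TID level tag: message
LINE_RE = re.compile(
    r"^\d\d-\d\d [\d:.]+\s+(?P<pid>\d+)\s+\d+ (?P<level>[VDIWEF]) "
    r"(?P<tag>[^:]*?)\s*: (?P<msg>.*)$"
)
# A password-like key followed by a value, in key=value, key: value or JSON form.
SECRET_RE = re.compile(
    r"(?i)[\"']?(?P<key>\w*(?:password|passwd|pwd)\w*)[\"']?\s*[=:]\s*"
    r"[\"']?(?P<value>[^\s\"'&,}]+)"
)

# Constructed sample capture; tags, PIDs and values are invented for illustration.
SAMPLE = """\
04-12 10:15:01.000  1200  1200 I ActivityManager: Displayed com.example.app/.LoginActivity: +350ms
04-12 10:15:02.113  4321  4321 D AuthApi : forgot_password request: email=user@example.test&password=Hunter2!demo
04-12 10:15:03.020  4321  4377 I OkHttp  : {"status":"ok","new_password":"S3cret#demo"}
04-12 10:15:04.500  4321  4321 D AuthApi : password reset mail queued
"""


def find_logged_secrets(logcat_text):
    """Return one finding per line that logs a password-like value (value omitted)."""
    findings = []
    for lineno, raw in enumerate(logcat_text.splitlines(), 1):
        parsed = LINE_RE.match(raw)
        msg = parsed.group("msg") if parsed else raw  # scan unparsed lines too
        hit = SECRET_RE.search(msg)
        if hit:
            findings.append({
                "line": lineno,
                "tag": parsed.group("tag") if parsed else None,
                "level": parsed.group("level") if parsed else None,
                "key": hit.group("key"),
            })
    return findings


def redact(logcat_text):
    """Mask every matched value, e.g. before attaching a capture to a bug report."""
    def mask(hit):
        return hit.group(0)[: hit.start("value") - hit.start()] + "[REDACTED]"
    return "\n".join(SECRET_RE.sub(mask, line) for line in logcat_text.splitlines())


if __name__ == "__main__":
    for finding in find_logged_secrets(SAMPLE):
        print(finding)
```

A non-empty result from `find_logged_secrets` on a test-run capture can fail the build, which catches this class of logging defect before release.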

Detection coverage 2

Detect ADB Logcat Usage

medium

Detects the use of adb logcat command, often used to extract sensitive information from Android devices.

sigma; tactics: credential_access; techniques: T1003; sources: process_creation, windows

Suspicious Network Connection to ADB Port

low

Detects connections to the standard ADB port (5555).

sigma; tactics: command_and_control; techniques: T1071.001; sources: network_connection, windows

Detection queries are kept inside the platform.