{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/insecure-logging/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["insecure-logging","credential-access","android"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eEquityPandit 1.0, an Android application, is vulnerable to insecure logging practices. Specifically, the application logs sensitive user credentials, including plaintext passwords, within the developer console logs. This vulnerability, identified as CVE-2019-25605, allows an attacker with access to the device or ADB (Android Debug Bridge) to extract these credentials. The vulnerability was reported in 2019, but publicly disclosed details and exploits surfaced more recently. Successful…\u003c/p\u003e\n","date_modified":"2026-03-23T14:00:00Z","date_published":"2026-03-23T14:00:00Z","id":"/briefs/2026-03-equitypandit-logging/","summary":"EquityPandit 1.0 contains an insecure logging vulnerability (CVE-2019-25605) that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge, specifically exposing plaintext passwords during the forgot password function.","title":"EquityPandit 1.0 Insecure Logging Vulnerability (CVE-2019-25605)","url":"https://feed.craftedsignal.io/briefs/2026-03-equitypandit-logging/"}],"language":"en","title":"CraftedSignal Threat Feed — Insecure-Logging","version":"https://jsonfeed.org/version/1.1"}