https://feed.craftedsignal.io/tags/insecure-logging/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioMon, 23 Mar 2026 14:00:00 +0000https://feed.craftedsignal.io/briefs/2026-03-equitypandit-logging/Mon, 23 Mar 2026 14:00:00 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-equitypandit-logging/EquityPandit 1.0 contains an insecure logging vulnerability (CVE-2019-25605) that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge, specifically exposing plaintext passwords during the forgot password function.<p>EquityPandit 1.0, an Android application, is vulnerable to insecure logging practices. Specifically, the application logs sensitive user credentials, including plaintext passwords, within the developer console logs. This vulnerability, identified as CVE-2019-25605, allows an attacker with access to the device or ADB (Android Debug Bridge) to extract these credentials. The vulnerability was reported in 2019, but publicly disclosed details and exploits surfaced more recently. Successful…</p> highadvisoryinsecure-loggingcredential-accessandroid