CVE number – CVE-2019-17397
Usernames and passwords are stored in the log during the authentication.
Hackers can obtain user password/ID of DoorDash, simply looking at Logcat. Especially, in old Android versions prior to Android Jelly Bean, any app installed can access Logcat without any permission. # Application: DoorDash
Version: 11.0.2 ~ 11.5.2 (all versions we tested have this problem)
Software Link: https://play.google.com/store/apps/details?id=com.dd.doordash
Installs: 10,000,000+ (#1 in food category in Google Play)
This has been reported to the creator, and they are working on a fix.
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.