CVE-2014-1664 – GoToMeeting for Android - Multiple Local Information Disclosure Vulnerabilities

https://notcve.org/view.php?id=CVE-2014-1664

The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP requests containing sensitive information, which allows attackers to obtain user IDs, meeting details, and authentication tokens via an application that reads the system log file. La aplicación Citrix GoToMeeting v5.0.799.1238 para Android registra las peticiones HTTP que contienen información sensible, lo que permite a atacantes remotos obtener IDs de usuario, detalles de las reuniones, y tokens de autenticación a través de una aplicación que lea el fichero de registro del sistema. GoToMeeting Android application (com.citrixonline.android.gotomeeting-1.apk) version 5.0.799.1238 is vulnerable to information disclosure via logging output, resulting in the leak of userID, meeting details, and authentication tokens. Android applications with permissions to read system log files may obtain the leaked information. • https://www.exploit-db.com/exploits/39061 http://osvdb.org/102559 http://www.securityfocus.com/archive/1/530879/100/0/threaded http://www.securityfocus.com/bid/65123 https://exchange.xforce.ibmcloud.com/vulnerabilities/90695 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •