DoorDash Android App Vulnerability [CVE-2019-17397]

CVE number – CVE-2019-17397

Usernames and passwords are stored in the log during the authentication.

Hackers can obtain user password/ID of DoorDash, simply looking at Logcat. Especially, in old Android versions prior to Android Jelly Bean, any app installed can access Logcat without any permission. # Application: DoorDash

Version: 11.0.2 ~ 11.5.2 (all versions we tested have this problem)

Software Link: https://play.google.com/store/apps/details?id=com.dd.doordash

Company: DoorDash

Installs: 10,000,000+  (#1 in food category in Google Play)

This has been reported to the creator, and they are working on a fix.

Duncan Newell

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: