CVE-2021-32612

high

Description

The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows information theft and account takeover via network sniffing.

References

https://trovent.io/security-advisory-2105-01

https://trovent.github.io/security-advisories/TRSA-2105-01/TRSA-2105-01.txt

https://play.google.com/store/apps/details?id=com.veryfit2hr.second&hl=en_US&gl=US

http://seclists.org/fulldisclosure/2021/Jun/45

Details

Source: Mitre, NVD

Published: 2021-06-16

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 8.1

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00235