Tapandsign Technologies Tap&Sign App Password Recovery Exploitation Vulnerability

Vulnerability

A vulnerability exists in versions of the Tap&Sign App, developed by Tapandsign Technologies, prior to 1.025 that allows exploitation of the password recovery mechanism. The issue involves cleartext storage of sensitive information in an environment variable, coupled with a weak recovery process for forgotten passwords, which can be misused to manipulate application functionality.

Impact

Exploitation of this vulnerability could lead to unauthorized password recovery, allowing attackers to gain access to user accounts.

Remediation

Users are advised to update the Tap&Sign App to version 1.025 or later.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 4.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.