Monaca Debugger for Android information management vulnerability


Monaca Debugger for Android contains an information management vulnerability.

Monaca Debugger provided by Asial Corporation contains an issue where account information of the product or other information such as session IDs are saved in a log file.

KuMaGa ShiRoIHi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 2.6 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
Affected Products

Asial Corporation
  • Monaca Debugger ver1.4.1 and earlier


Android applications with permissions to read system log files may obtain users credentials of Monaca or other information such as session IDs.

[Update the Software]
Apply the latest update according to the information provided by the developer.
Vendor Information

Asial Corporation
CWE (What is CWE?)

  1. Information Exposure(CWE-200) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2012-5172

  1. JVN : JVN#56923652
  2. National Vulnerability Database (NVD) : CVE-2012-5172
Revision History

  • [2012/11/16]
      Web page was published