Information from Gift Pad Co.,Ltd.
Vulnerability ID:JVN#07825095
Title:"region PAY" App for Android vulnerable to insertion of sensitive information into log file
Status:Vulnerable
This is a statement from the vendor itself with no modification by JPCERT/CC.
Support for information leakage from log files generated during HTTP communication was released on 7/6/2023.
Support for information leakage from log files output by special operations other than HTTP communication was also released on 2024/05.
(Special operation: When the application is launched after the application is killed on the SMS authentication screen, the phone number, password, etc. are logged out.)
The above support has already been implemented in the Android app “region PAY” 1.5.28, and this vulnerability does not affect customers.
We have not confirmed any damage caused by exploitation of this vulnerability.
