CVE-2019-5627: Cleartext Credential Storage in BlueCats Reveal
Platform: ios
Component: bluecats-reveal
Fixed in: 5.14.1
CVE-2019-5627 is a security vulnerability affecting BlueCats Reveal, an iOS mobile application. This vulnerability involves the insecure storage of usernames and passwords in the app cache as base64 encoded strings. An attacker gaining physical access to a compromised device could potentially extract these credentials and compromise the associated BlueCats network implementation. The vulnerability impacts versions of BlueCats Reveal prior to 5.14, and a fix is available in version 5.14.
Impact and Attack Scenarios
The primary impact of CVE-2019-5627 is the potential for unauthorized access to BlueCats networks. An attacker who obtains physical access to an iOS device running a vulnerable version of BlueCats Reveal can extract the stored username and password from the app cache. Because the credentials are stored in base64 encoded format, decoding them is trivial. This allows the attacker to impersonate a legitimate user and gain control of the BlueCats network, potentially leading to data breaches, unauthorized configuration changes, or disruption of services. The blast radius is limited to the specific BlueCats network implementation affected by the compromised credentials, but the consequences can be significant for organizations relying on this system.
Exploitation Context
CVE-2019-5627 was publicly disclosed on May 22, 2019. There are no known active exploitation campaigns targeting this vulnerability. No public proof-of-concept (PoC) code has been released, but the ease of decoding base64 encoded strings suggests that exploitation would be relatively straightforward for an attacker with physical access to a compromised device. This vulnerability is not currently listed on the CISA KEV catalog.
Threat Intelligence
EPSS: 0.06% (18th percentile)
CVSS Vector
- Attack Vector: Local. Attacker needs a local shell or interactive session on the system.
- Attack Complexity: High. Requires a race condition, non-default configuration, or specific circumstances. Harder to exploit reliably.
- Privileges Required: Low. Any valid user account is sufficient. Basic authenticated access required.
- User Interaction: None. Attack is automatic and silent. Victim does nothing: no click, no file open.
- Scope: Changed. Successful attack can pivot beyond the vulnerable component to other systems or the host OS.
- Confidentiality: Low. Partial or indirect data access. Attacker gains limited information.
- Integrity: None. No integrity impact. Attacker cannot modify data.
- Availability: None. No availability impact. Service remains fully operational.
Mitigation and Workarounds
The primary mitigation for CVE-2019-5627 is to upgrade BlueCats Reveal to version 5.14 or later, which addresses the insecure storage of credentials. If immediate upgrading is not possible, consider implementing mobile device management (MDM) policies to restrict access to sensitive data and enforce strong password policies. Base64 is an encoding, not encryption: it provides only a minimal level of obfuscation, and relying on it to protect credentials is not a secure practice. No WAF or proxy rule can directly address this vulnerability, because it resides within the application itself. Regular security audits of the BlueCats Reveal application and its configuration are also recommended.
How to fix
Update the BlueCats Reveal application to version 5.14 or later. This version fixes the insecure storage of credentials. Ensure you delete the application and reinstall it after updating to clear any existing cache.
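For developers auditing their own iOS apps for the same weakness class, the following added example (not BlueCats code and not part of the original advisory) contrasts base64-in-cache storage with Keychain storage and removes the leftover cache file on upgrade. The service label, file name and function names are assumptions chosen for illustration.

```swift
import Foundation
import Security

// Hypothetical names; illustrative only, not BlueCats code.
let service = "com.example.reveal.login"  // assumed Keychain service label
let legacyFile = "login.cache"            // assumed legacy cache file name

// Weak pattern (the class of flaw described above): base64 is reversible
// without a key, so this file exposes the password to anyone who can read it.
func storeInsecurely(username: String, password: String, cacheDir: URL) throws {
    let encoded = Data("\(username):\(password)".utf8).base64EncodedString()
    try encoded.write(to: cacheDir.appendingPathComponent(legacyFile),
                      atomically: true, encoding: .utf8)
}

// Hardened pattern: keep the secret in the Keychain, readable only while the
// device is unlocked and not transferable to another device via backup.
func storeInKeychain(username: String, password: String) -> OSStatus {
    let base: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: username,
    ]
    _ = SecItemDelete(base as CFDictionary)       // replace any previous item
    var item = base
    item[kSecValueData as String] = Data(password.utf8)
    item[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
    return SecItemAdd(item as CFDictionary, nil)  // errSecSuccess on success
}

func loadFromKeychain(username: String) -> String? {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: username,
        kSecReturnData as String: true,
        kSecMatchLimit as String: kSecMatchLimitOne,
    ]
    var result: CFTypeRef?
    guard SecItemCopyMatching(query as CFDictionary, &result) == errSecSuccess,
          let data = result as? Data else { return nil }
    return String(data: data, encoding: .utf8)
}

// One-time cleanup after upgrading: delete the legacy file so the old
// encoded credential does not linger in the cache.
func removeLegacyCache(cacheDir: URL) {
    try? FileManager.default.removeItem(at: cacheDir.appendingPathComponent(legacyFile))
}
```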
Frequently asked questions
What is CVE-2019-5627 — Cleartext Credential Storage in BlueCats Reveal?
CVE-2019-5627 is a vulnerability in BlueCats Reveal versions before 5.14 where usernames and passwords are stored in the app cache as base64 encoded strings, accessible with physical device access.
Am I affected by CVE-2019-5627 in BlueCats Reveal?
You are affected if you are using BlueCats Reveal versions prior to 5.14 on iOS devices. Check your app version and upgrade immediately if necessary.
How do I fix CVE-2019-5627 in BlueCats Reveal?
Upgrade BlueCats Reveal to version 5.14 or later to resolve the insecure credential storage issue. Consider implementing MDM policies for enhanced security.
Is CVE-2019-5627 being actively exploited?
There are no known active exploitation campaigns targeting CVE-2019-5627 at this time, but the vulnerability is easily exploitable with physical device access.
Where can I find the official BlueCats advisory for CVE-2019-5627?
Refer to the BlueCats security advisory for detailed information and updates regarding CVE-2019-5627: https://www.bluecats.com/security-advisory/