Posted by David Longenecker on Jan 22

The USAA Mobile app for Android, prior to version 7.10.1 (released 19
January), contains an information disclosure vulnerability. I have
submitted a CVE-Assign request for this issue but do not yet have a CVE
assigned. The issue is demonstrated with sanitized screen captures at
http://dnlongen.blogspot.com/CVE-2015-USAA

By design, the USAA Mobile app for Android allows users to select whether
to log out immediately upon task-switching (i.e….