The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows information theft and account takeover via network sniffing.
Add your gear to cvedb and we'll alert you only when i-doo ships something exploited.
Check my exposure →This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.