PT-2013-6221 · Zippyyum · Zippyyum Subway Ca Kiosk App

Daniel E. Wood

Publicado

2013-12-12

Atualizado

2013-12-20

CVE-2013-6986

CVSS v2.0

2.1

Baixa

Vetor

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions ZippyYum Subway CA Kiosk app version 3.4

Description The issue concerns the use of cleartext storage in SQLite cache databases. This allows attackers to obtain sensitive information by reading data elements, such as password elements.

Recommendations For ZippyYum Subway CA Kiosk app version 3.4, consider implementing secure storage mechanisms to protect sensitive data, such as encrypting the SQLite cache databases. As a temporary workaround, restrict access to the app's data storage to minimize the risk of exploitation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-310

Identificadores relacionados

CVE-2013-6986

Produtos afetados

Zippyyum Subway Ca Kiosk App

PT-2013-6221 · Zippyyum · Zippyyum Subway Ca Kiosk App

CVE-2013-6986

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5