PT-2018-8242 · Smarthome · Wink

Deral Heiland

Publicado

2018-02-22

Atualizado

2019-10-09

CVE-2017-5249

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Wink - Smart Home Android app versions 6.1.0.19 and prior

Description: The issue concerns the storage of the OAuth token used for authorizing user access. Specifically, the token is not stored in an encrypted and secure manner.

Recommendations: For versions 6.1.0.19 and prior, consider updating the app to a version where the OAuth token is stored securely, if such a version is available. As a temporary workaround, restrict access to sensitive features that rely on the OAuth token until a secure version of the app is installed.

Correção

Insecure Storage of Sensitive Information

Cleartext Storage of Sensitive Information

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-922CWE-312

Identificadores relacionados

CVE-2017-5249

Produtos afetados

Wink

PT-2018-8242 · Smarthome · Wink

CVE-2017-5249

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3