PT-2019-13126 · Estmob · Send Anywhere
Publicado
2019-07-22
·
Atualizado
2020-08-24
·
CVE-2019-13100
CVSS v3.1
6.5
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Send Anywhere version 9.4.18
Description
The issue allows a non-root user to access confidential information, specifically the username and password of a valid user, due to insecure storage of this data in cleartext. This can be achieved by accessing the /data/data/com.estmob.android.sendanywhere/shared prefs/sendanywhere device.xml file.
Recommendations
For Send Anywhere version 9.4.18, consider restricting access to the shared preferences file sendanywhere device.xml to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Cleartext Storage of Sensitive Information
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Send Anywhere