PT-2011-3317 · Microsoft · Skype For Android

Justin Case

Published

2011-04-18

Updated

2011-05-11

CVE-2011-1717

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Skype for Android (affected versions not specified)

Description The issue concerns the storage of sensitive user data without encryption in sqlite3 databases. These databases have weak permissions, allowing local applications to access private information, including user IDs, contacts, phone numbers, date of birth, and instant message logs.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2011-1717

Affected Products

Skype For Android

PT-2011-3317 · Microsoft · Skype For Android

CVE-2011-1717

Weakness Enumeration

Related Identifiers

Affected Products

References · 5