PT-2017-15502 · Files App · Files App

Published

2017-11-22

Updated

2017-12-11

CVE-2017-2715

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions The Files APP versions 7.1.1.309 and earlier

Description A brute-force password cracking issue exists due to the improper design of the Safe key database, allowing an unauthorized attacker to access sensitive database information and potentially crack users' Safe passwords, leading to information leaks.

Recommendations For versions 7.1.1.309 and earlier, update to a newer version that addresses the improper design of the Safe key database to prevent brute-force password cracking.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2017-2715

Affected Products

Files App

PT-2017-15502 · Files App · Files App

CVE-2017-2715

Weakness Enumeration

Related Identifiers

Affected Products

References · 3