PT-2018-13439 · Ismartalarm · Ismartalarm
Francesco Servida
·
Published
2018-11-20
·
Updated
2019-10-03
·
CVE-2018-16222
CVSS v3.1
6.8
Medium
| Vector | AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
iSmartAlarm application versions through 2.0.8 for Android
Description
The issue concerns the storage of credentials in cleartext within the iSmartAlarmData.xml configuration file. This allows an attacker to retrieve the
username and password.Recommendations
For versions through 2.0.8, update to a version that fixes the cleartext storage of credentials to prevent unauthorized access to user credentials.
Fix
Insufficiently Protected Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ismartalarm