PT-2018-16878 · Oral B · Oral-B App

Published

2018-01-08

Updated

2018-01-31

CVE-2018-5298

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Oral-B App version 5.0.0

Description The issue concerns the use of AES encryption with static parameters to secure locally stored shared preferences in the Oral-B App. This could allow an attacker to more easily gain access to locally stored user data by leveraging access to the preferences XML file.

Recommendations For version 5.0.0, consider implementing dynamic encryption parameters to secure the locally stored shared preferences, and restrict access to the preferences XML file to minimize the risk of exploitation.

Fix

Inadequate Encryption Strength

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-326

Related Identifiers

CVE-2018-5298

Affected Products

Oral-B App

PT-2018-16878 · Oral B · Oral-B App

CVE-2018-5298

Weakness Enumeration

Related Identifiers

Affected Products

References · 3