PT-2018-8242 · Smarthome · Wink

Deral Heiland

Published

2018-02-22

Updated

2019-10-09

CVE-2017-5249

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Wink - Smart Home Android app versions 6.1.0.19 and prior

Description: The issue concerns the storage of the OAuth token used for authorizing user access. Specifically, the token is not stored in an encrypted and secure manner.

Recommendations: For versions 6.1.0.19 and prior, consider updating the app to a version where the OAuth token is stored securely, if such a version is available. As a temporary workaround, restrict access to sensitive features that rely on the OAuth token until a secure version of the app is installed.

Fix

Insecure Storage of Sensitive Information

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-922CWE-312

Related Identifiers

CVE-2017-5249

Affected Products

Wink

PT-2018-8242 · Smarthome · Wink

CVE-2017-5249

Weakness Enumeration

Related Identifiers

Affected Products

References · 3