PT-2018-8243 · Insteon · Insteon For Hub

Deral Heiland

Published

2018-02-22

Updated

2019-10-09

CVE-2017-5250

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Insteon for Hub Android app versions 1.9.7 and prior

Description: The issue concerns the insecure storage of the OAuth token used for authorizing user access. This token is not stored in an encrypted and secure manner, potentially exposing user data.

Recommendations: For versions 1.9.7 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Insecure Storage of Sensitive Information

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-922CWE-312

Related Identifiers

CVE-2017-5250

Affected Products

Insteon For Hub

PT-2018-8243 · Insteon · Insteon For Hub

CVE-2017-5250

Weakness Enumeration

Related Identifiers

Affected Products

References · 3