CVE-2019-13096

Name of the Vulnerable Software and Affected Versions TronLink Wallet version 2.2.0

Description The issue allows an attacker to gain unauthorized access by reading and reusing a user's keystore. This is possible because the keystore is stored in plaintext and placed in insecure storage. An attacker can exploit this via the "/data/data/com.tronlink.wallet/shared prefs/.xml" endpoint, specifically targeting the wallet-name variable.

Recommendations For TronLink Wallet version 2.2.0, consider restricting access to the insecure storage to minimize the risk of exploitation. As a temporary workaround, avoid using the wallet until a secure storage solution is implemented. At the moment, there is no information about a newer version that contains a fix for this vulnerability.