PT-2019-13126 · Estmob · Send Anywhere

Published

2019-07-22

Updated

2020-08-24

CVE-2019-13100

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Send Anywhere version 9.4.18

Description The issue allows a non-root user to access confidential information, specifically the username and password of a valid user, due to insecure storage of this data in cleartext. This can be achieved by accessing the /data/data/com.estmob.android.sendanywhere/shared prefs/sendanywhere device.xml file.

Recommendations For Send Anywhere version 9.4.18, consider restricting access to the shared preferences file sendanywhere device.xml to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-312

Related Identifiers

CVE-2019-13100

Affected Products

Send Anywhere

PT-2019-13126 · Estmob · Send Anywhere

CVE-2019-13100

Weakness Enumeration

Related Identifiers

Affected Products

References · 3