PT-2020-6600 · Stashcat · Stashcat

Published: 2020-05-27 · Updated: 2021-07-20 · CVE-2020-13637

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: stashcat app through 3.9.2

Description: The issue concerns the insecure storage of critical information: the client key, device id, and public key for end-to-end encryption are stored in cleartext. An attacker who obtains the local storage database file can log in to the system from any other computer and gain unlimited access to all data in the user's context. The vulnerability may allow a remote attacker to disclose protected information.

Recommendations: For stashcat app through 3.9.2, consider updating to a version that securely stores sensitive information, such as the client key, device id, and public key, to prevent unauthorized access. As a temporary workaround, restrict access to the local storage database file to minimize the risk of exploitation.

Fix

Cleartext Storage of Sensitive Information

Weakness Enumeration

Related Identifiers

BDU:2022-00561
CVE-2020-13637

Affected Products

Stashcat