The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from Shared Preferences and the SQLite database because of insecure data storage.
References
Link | Resource |
---|---|
https://github.com/galapogos/Taidii-Diibear-Vulnerabilities/ | Third Party Advisory |
https://play.google.com/store/apps/details?id=com.taidii.diibear&hl=en_US&gl=US | Product Third Party Advisory |
Configurations
History
No history.
Information
Published : 2021-03-17 15:15
Updated : 2024-02-28 18:08
NVD link : CVE-2020-35455
Mitre link : CVE-2020-35455
CVE.ORG link : CVE-2020-35455
JSON object : View
Products Affected
taidii
- diibear
CWE
CWE-312
Cleartext Storage of Sensitive Information