| Titel | Insecure Data Storage in Diary with Lock: Daily Journal 1.012.GP.B |
|---|
| Beschreibung | It was possible to collect the PIN password in clear text from the SQLite3 database. An attacker with that information would be able to access the diary and access the application in question.
Version apk: 1.012.GP.B
PoC video: https://www.youtube.com/watch?v=V0u9C5RVSic
Sources
https://owasp.org/www-project-mobile-top-10/2016-risks/m2-insecure-data-storage
https://mobile-security.gitbook.io/mobile-security-testing-guide/android-testing-guide/0x05d-testing-data-storage |
|---|
| Quelle | ⚠️ https://play.google.com/store/apps/details?id=diary.journal.lock.mood.daily&hl=en_US |
|---|
| Benutzer | Anonymous User |
|---|
| Einreichung | 23.05.2023 22:45 (vor 3 Jahren) |
|---|
| Moderieren | 24.05.2023 11:34 (13 hours later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 229819 [Simple Design Daily Journal 1.012.GP.B auf Android SQLite Database Information Disclosure] |
|---|
| Punkte | 20 |
|---|