Soumettre #756058: AliasVault v0.25.3 Insecure Storage of Sensitive Informationinformation

TitreAliasVault v0.25.3 Insecure Storage of Sensitive Information
DescriptionAliasVault version 0.25.3 for Android stored sensitive authentication and cryptographic data in plaintext in shared_prefs/aliasvault.xml. The application allowed backups (android:allowBackup="true") but only excluded credential_identities.xml from backup rules, leaving access tokens, refresh tokens, key derivation parameters, and authentication data in cloud or device-transfer backups. An attacker who accessed a device backup or during device transfer could steal this sensitive data and compromise user accounts and active sessions.
La source⚠️ https://github.com/aliasvault/aliasvault/issues/1497#issuecomment-3799836461
Utilisateur
 nmaochea (UID 95128)
Soumission11/02/2026 05:42 (il y a 3 mois)
Modérer22/02/2026 15:47 (11 days later)
StatutAccepté
Entrée VulDB347340 [AliasVault App jusqu’à 0.25.3 sur Android/iOS Backup aliasvault.xml divulgation d'information]
Points20

PrécédentAperçuSuivant

Want to stay up to date on a daily basis?

Enable the mail alert feature now!