| Title | Insecure Data Storage in Diary with Lock: Daily Journal 1.012.GP.B |
|---|
| Description | It was possible to collect the PIN password in clear text from the SQLite3 database. An attacker with that information would be able to access the diary and access the application in question.
Version apk: 1.012.GP.B
PoC video: https://www.youtube.com/watch?v=V0u9C5RVSic
Sources
https://owasp.org/www-project-mobile-top-10/2016-risks/m2-insecure-data-storage
https://mobile-security.gitbook.io/mobile-security-testing-guide/android-testing-guide/0x05d-testing-data-storage |
|---|
| Source | ⚠️ https://play.google.com/store/apps/details?id=diary.journal.lock.mood.daily&hl=en_US |
|---|
| User | Anonymous User |
|---|
| Submission | 05/23/2023 22:45 (3 years ago) |
|---|
| Moderation | 05/24/2023 11:34 (13 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 229819 [Simple Design Daily Journal 1.012.GP.B on Android SQLite Database cleartext storage in file] |
|---|
| Points | 20 |
|---|