7.8
CVE-2016-6547
- EPSS 0.41%
- Veröffentlicht 13.07.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 02:56:19
- Quelle cret@cert.org
- CVE-Watchlists
- Unerledigt
LoginZizai Tech Nut stores the account password in cleartext
The Zizai Tech Nut mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Nutspace ≫ Nut Mobile Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.41% | 0.324 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-313 Cleartext Storage in a File or on Disk
The product stores sensitive information in cleartext in a file, or on disk.
https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/
https://www.kb.cert.org/vuls/id/402847
https://www.securityfocus.com/bid/93877