7.5

CVE-2020-13637

EPSS 0.08%
Veröffentlicht 17.06.2020 17:15:10
Zuletzt bearbeitet 21.11.2024 05:01:38
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in the stashcat app through 3.9.2 for macOS, Windows, Android, iOS, and possibly other platforms. It stores the client_key, the device_id, and the public key for end-to-end encryption in cleartext, enabling an attacker (by copying or having access to the local storage database file) to login to the system from any other computer, and get unlimited access to all data in the users's context.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Heinekingmedia ≫ Stashcat SwPlatformandroid Version <= 3.9.2

Heinekingmedia ≫ Stashcat SwPlatformiphone_os Version <= 3.9.2

Heinekingmedia ≫ Stashcat SwPlatformmacos Version <= 3.9.2

Heinekingmedia ≫ Stashcat SwPlatformwindows Version <= 3.9.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.206

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

http://www.jvanlaak.de/stashcat.html

Third Party Advisory

http://www.jvanlaak.de/stashcat_CWE_312_200527.pdf

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-13637

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-13637

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-13637

EUVD