- Platform: Mobile Clients
- Versions:
- Date: 8/3/2020
- Risk: low
- CVSS v3 Base Score: 3.9
- CVSS v3 Vector: AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
- CWE ID: CWE-312
- CWE Name: Cleartext Storage of Sensitive Information
Description
Given an attacker has physical access, creating a backup of the 玩嘉电竞下载注册 Android app via adb provides access to the app preferences file.
Contained in the file were settings related to the app lock feature such as the pincode/pattern and if the respective lock is active. An attacker could change the values and restore the backup to the device which allows the attacker to circumvent the lock.
Affected
– 玩嘉电竞下载注册 Android App version < 2.15
Action taken
Disallow back up of app data