Cleartext storage of sensitive information in Twitter for Android - #VU23809

 


Published: December 26, 2019


Vulnerability identifier: #VU23809
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-312
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Twitter
Affected software:
Twitter for Android

Detailed vulnerability description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to insecure data storage. A local application on the device can gain unauthorized access to sensitive information held by the Twitter application, such as Direct Messages, protected Tweets, and location information.


Remediation

Install updates from the vendor's website.

Sources