Main Vulnerability Database Vulnerabilities #VU33682

Cleartext storage of sensitive information in ownCloud Android App - #VU33682

Published: August 4, 2020

Vulnerability identifier: #VU33682

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-312

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
ownCloud Android App

Software vendor:
ownCloud

Description

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists within the app lock feature such as the pincode/pattern due to creating a backup of the ownCloud Android app via adb provides access to the app preferences file. An authenticated attacker with physical access can change the values, restore the backup to the device and circumvent the lock.

Remediation

Install updates from vendor's website.

External links

https://owncloud.org/security/advisories/bypassing-app-lock-pattern-passcode-fingerprint-lock-android-oc-sa-2020-003/

Cleartext storage of sensitive information in ownCloud Android App - #VU33682

Description

Remediation

External links

Please verify you're human