Skip to main content

Exposure of Sensitive Information to an Unauthorized Actor


Severity High
Score 7.5/10


Smarthome and earlier versions,HiAPP and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent and earlier versions,Crowdtest 1.5.3 and earlier versions,HiWallet and earlier versions,Huawei Pay and earlier versions,Skytone and earlier versions,HwCloudDrive(EMUI6.0) and earlier versions,HwPhoneFinder(EMUI6.0) and earlier versions,HwPhoneFinder(EMUI5.1) and earlier versions,HiCinema and earlier versions,HuaweiWear and earlier versions,HiHealthApp and earlier versions have an information exposure vulnerability. Encryption keys are stored in the system. The attacker can implement reverse engineering to obtain the encryption keys, causing information exposure.

  • LOW
  • NONE
  • NONE
  • NONE
  • HIGH
  • NONE

CWE-200 - Information Exposure

An information exposure vulnerability is categorized as an information flow (IF) weakness, which can potentially allow unauthorized access to otherwise classified information in the application, such as confidential personal information (demographics, financials, health records, etc.), business secrets, and the application's internal environment.


Advisory Timeline

  • Published