Cleartext Storage of Sensitive Information
CVE-2020-36248
Summary
The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive.
- LOW
- PHYSICAL
- NONE
- UNCHANGED
- NONE
- NONE
- HIGH
- NONE
CWE-312 - Cleartext Storage of Sensitive Information
The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
References
Advisory Timeline
- Published