Skip to main content

Insecure Storage of Sensitive Information

CVE-2021-25524

Severity Low
Score 3.3/10

Summary

Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID.

  • LOW
  • LOCAL
  • NONE
  • UNCHANGED
  • NONE
  • LOW
  • LOW
  • NONE

CWE-922 - Insecure Storage of Sensitive Information

The software stores sensitive information without properly limiting read or write access by unauthorized actors.

References

Advisory Timeline

  • Published