CVE-2017-5249: Critical severity whmcs vulnerability

Q: What is the vulnerability ID of this issue?

The vulnerability ID of this issue is CVE-2017-5249.

Q: What is the severity of CVE-2017-5249?

CVE-2017-5249 has a severity rating of 9.8 (Critical).

Q: What is the affected software for CVE-2017-5249?

The affected software for CVE-2017-5249 is Wink - Smart Home Android app version 6.1.0.19 and prior.

Q: What is the impact of CVE-2017-5249?

CVE-2017-5249 could allow a remote attacker to obtain sensitive information.

Q: How can CVE-2017-5249 be exploited?

CVE-2017-5249 can be exploited by exploiting the insecure storage of OAuth token.

Published Feb 22, 2018

Updated

In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner.

Other sources

Wink Wink - Smart Home Android app could allow a remote attacker to obtain sensitive information, caused by storing OAuth token in an insecure manner. A remote attacker could exploit this vulnerability to obtain sensitive information.

— IBM

Affected Software

2 affected components

Wink Wink Android<=6.1.0.19

IBM Security Verify Governance<=10.0

Event History

Feb 22, 2018

CVE Published

via MITRE·04:00 PM

Data Sourced

via MITRE·04:00 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

IBM-7057377

Frequently Asked Questions

What is the vulnerability ID of this issue?

The vulnerability ID of this issue is CVE-2017-5249.

What is the severity of CVE-2017-5249?

CVE-2017-5249 has a severity rating of 9.8 (Critical).

What is the affected software for CVE-2017-5249?