CVE-2017-5249
22.02.2018, 16:29
In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner.Enginsight
Common Weakness Enumeration
- CWE-922 - Insecure Storage of Sensitive InformationThe software stores sensitive information without properly limiting read or write access by unauthorized actors.
- CWE-312 - Cleartext Storage of Sensitive InformationThe product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.