ByteOS Network

NVD Vulnerability Details :

CVE-2018-10812

Analyzed

Source-cve@mitre.org

Published At-08 May, 2018 | 19:29

Updated At-03 Oct, 2019 | 00:03

The Bitpie application through 3.2.4 for Android and iOS uses cleartext storage for digital currency initial keys, which allows local users to steal currency by leveraging root access to read /com.biepie/shared_prefs/com.bitpie_preferences.xml (on Android) or a plist file in the app data folder (on iOS).

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	4.1	MEDIUM	CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Primary	2.0	1.9	LOW	AV:L/AC:M/Au:N/C:P/I:N/A:N

Type: Primary

Version: 3.0

Base score: 4.1

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

Type: Primary

Version: 2.0

Base score: 1.9

Base severity: LOW

Vector:

AV:L/AC:M/Au:N/C:P/I:N/A:N

CPE Matches

bitpie>>bitcoin_wallet>>Versions up to 3.2.4(inclusive)

cpe:2.3:a:bitpie:bitcoin_wallet:*:*:*:*:*:android:*:*

bitpie>>bitcoin_wallet>>Versions up to 3.2.4(inclusive)

cpe:2.3:a:bitpie:bitcoin_wallet:*:*:*:*:*:iphone_os:*:*

Weaknesses

CWE ID	Type	Source
CWE-312	Primary	nvd@nist.gov

CWE ID: CWE-312

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://github.com/edwardz246003/misc/blob/master/Bitpie%20CVE-2018-10812..md	nvd@nist.gov	Third Party Advisory
https://github.com/edwardz246003/misc/blob/master/Bitpie.md	cve@mitre.org	Broken Link

Hyperlink: https://github.com/edwardz246003/misc/blob/master/Bitpie%20CVE-2018-10812..md

Source: nvd@nist.gov

Resource:

Third Party Advisory

Hyperlink: https://github.com/edwardz246003/misc/blob/master/Bitpie.md

Source: cve@mitre.org

Resource:

Broken Link

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History