CVE-2017-5250 Vulnerability Details

  /     /     /  

CVE-2017-5250 Metadata Quick Info

CVE Published: 22/02/2018 | CVE Updated: 05/08/2024 | CVE Year: 2017
Source: rapid7 | Vendor: Insteon | Product: Insteon for Hub
Status : PUBLISHED

---

CVE-2017-5250 Description

In version 1.9.7 and prior of Insteon\'s Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-922
CWE Name: CWE-922 (Insecure Storage of Sensitive Information)
Source: Insteon

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).