Vulnerability Description
The Wells Fargo Mobile application 1.1 for Android stores a username and password, along with account balances, in cleartext, which might allow physically proximate attackers to obtain sensitive information by reading application data.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wellsfargo | Wells Fargo Mobile | 1.1 |
| Android | All versions |
Related Weaknesses (CWE)
References
- http://news.cnet.com/8301-27080_3-20021874-245.html
- http://online.wsj.com/article/SB10001424052748703805704575594581203248658.html
- http://viaforensics.com/appwatchdog/wells-fargo-android.html
- http://news.cnet.com/8301-27080_3-20021874-245.html
- http://online.wsj.com/article/SB10001424052748703805704575594581203248658.html
- http://viaforensics.com/appwatchdog/wells-fargo-android.html
FAQ
What is CVE-2010-4214?
CVE-2010-4214 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The Wells Fargo Mobile application 1.1 for Android stores a username and password, along with account balances, in cleartext, which might allow physically proximate attackers to obtain sensitive infor...
How severe is CVE-2010-4214?
CVE-2010-4214 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-4214?
Check the references section above for vendor advisories and patch information. Affected products include: Wellsfargo Wells Fargo Mobile, Google Android.