Vulnerability Description
Skype for Android stores sensitive user data without encryption in sqlite3 databases that have weak permissions, which allows local applications to read user IDs, contacts, phone numbers, date of birth, instant message logs, and other private information.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Skype | Skype For Android | All versions |
Related Weaknesses (CWE)
References
- http://blogs.skype.com/security/2011/04/privacy_vulnerability_in_skype.html
- http://www.androidpolice.com/2011/04/14/exclusive-vulnerability-in-skype-for-andExploit
- http://www.securitytracker.com/id?1025387
- http://www.theregister.co.uk/2011/04/15/skype_for_android_vulnerable/
- http://blogs.skype.com/security/2011/04/privacy_vulnerability_in_skype.html
- http://www.androidpolice.com/2011/04/14/exclusive-vulnerability-in-skype-for-andExploit
- http://www.securitytracker.com/id?1025387
- http://www.theregister.co.uk/2011/04/15/skype_for_android_vulnerable/
FAQ
What is CVE-2011-1717?
CVE-2011-1717 is a vulnerability with a CVSS score of 2.1 (LOW). Skype for Android stores sensitive user data without encryption in sqlite3 databases that have weak permissions, which allows local applications to read user IDs, contacts, phone numbers, date of birt...
How severe is CVE-2011-1717?
CVE-2011-1717 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-1717?
Check the references section above for vendor advisories and patch information. Affected products include: Skype Skype For Android.