CVE-2018-10812 — MEDIUM (4.1)

Q: How severe is CVE-2018-10812?

CVE-2018-10812 has been rated MEDIUM with a CVSS base score of 4.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-10812?

Check the references section above for vendor advisories and patch information. Affected products include: Bitpie Bitcoin Wallet.

Vulnerability Description

The Bitpie application through 3.2.4 for Android and iOS uses cleartext storage for digital currency initial keys, which allows local users to steal currency by leveraging root access to read /com.biepie/shared_prefs/com.bitpie_preferences.xml (on Android) or a plist file in the app data folder (on iOS).

CVSS Score

4.1

MEDIUM

CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Bitpie	Bitcoin Wallet	<= 3.2.4

Related Weaknesses (CWE)

CWE-312

References

https://github.com/edwardz246003/misc/blob/master/Bitpie.mdBroken Link
https://github.com/edwardz246003/misc/blob/master/Bitpie%20CVE-2018-10812..mdThird Party Advisory
https://github.com/edwardz246003/misc/blob/master/Bitpie.mdBroken Link

FAQ

What is CVE-2018-10812?

CVE-2018-10812 is a vulnerability with a CVSS score of 4.1 (MEDIUM). The Bitpie application through 3.2.4 for Android and iOS uses cleartext storage for digital currency initial keys, which allows local users to steal currency by leveraging root access to read /com.bie...

How severe is CVE-2018-10812?

CVE-2018-10812 has been rated MEDIUM with a CVSS base score of 4.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-10812?

Check the references section above for vendor advisories and patch information. Affected products include: Bitpie Bitcoin Wallet.