CVE-2010-4214
 
Severity Score
4.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Wells Fargo Mobile application 1.1 for Android stores a username and password, along with account balances, in cleartext, which might allow physically proximate attackers to obtain sensitive information by reading application data.
La aplicación Wells Fargo Mobile v1.1 para Android almacena el nombre de usuario y la contraseña, junto con los saldos de cuentas, en texto plano, lo que podría permitir a atacantes físicamente próximos obtener información sensible mediante la lectura de datos de aplicación.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2010-11-08 CVE Reserved
- 2010-11-08 CVE Published
- 2024-09-17 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-310: Cryptographic Issues
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://news.cnet.com/8301-27080_3-20021874-245.html | X_refsource_misc | |
http://online.wsj.com/article/SB10001424052748703805704575594581203248658.html | X_refsource_misc | |
http://viaforensics.com/appwatchdog/wells-fargo-android.html | X_refsource_misc |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Wellsfargo Search vendor "Wellsfargo" | Wells Fargo Mobile Search vendor "Wellsfargo" for product "Wells Fargo Mobile" | 1.1 Search vendor "Wellsfargo" for product "Wells Fargo Mobile" and version "1.1" | - |
Affected
| in | Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | * | - |
Safe
|