Lucene search

MitreCVE-2011-1717

HistoryApr 18, 2011 - 6:55 p.m.

CVE-2011-1717

2011-04-1818:55:02

CWE-264

mitre

web.nvd.nist.gov

skype

android

data security

encryption

nvd

cve-2011-1717

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0.001

Percentile

25.0%

JSON

Skype for Android stores sensitive user data without encryption in sqlite3 databases that have weak permissions, which allows local applications to read user IDs, contacts, phone numbers, date of birth, instant message logs, and other private information.

Affected configurations

Nvd

Node

skypeskype_for_android

VendorProductVersionCPE
skypeskype_for_android*cpe:2.3:a:skype:skype_for_android:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
skype	skype_for_android	*	cpe:2.3:a:skype:skype_for_android::::::::

References

blogs.skype.com/security/2011/04/privacy_vulnerability_in_skype.html

www.androidpolice.com/2011/04/14/exclusive-vulnerability-in-skype-for-android-is-exposing-your-name-phone-number-chat-logs-and-a-lot-more/

www.securitytracker.com/id?1025387

www.theregister.co.uk/2011/04/15/skype_for_android_vulnerable/

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0.001

Percentile

25.0%

JSON

Related for CVE-2011-1717