Mend Vulnerability Database
What is a CVE vulnerability ID? What is a WS vulnerability ID?New vulnerability? Tell us about it!
We found results for “”
Good to know:
Date: November 13, 2014
signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch, did not properly restrict applications from querying oath tokens due to incorrect checks and the missing installation of the signon-apparmor-extension. An attacker could use this create a malicious click app that collects oauth tokens for other applications, exposing sensitive information.
Related Resources (5)
Weakness Type (CWE)
Insufficiently Protected CredentialsCWE-522
|Attack Vector (AV):||LOCAL|
|Attack Complexity (AC):||LOW|
|Privileges Required (PR):||NONE|
|User Interaction (UI):||REQUIRED|
|Access Vector (AV):||NETWORK|
|Access Complexity (AC):||MEDIUM|