TronLink Wallet 2.2.0 for Android

CPE Details

TronLink Wallet 2.2.0 for Android
tronlink
wallet
2.2.0
2019-07-23
14h08 +00:00
2019-07-23
14h08 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:tronlink:wallet:2.2.0:*:*:*:*:android:*:*

Informations

Vendor

tronlink

Product

wallet

Version

2.2.0

Target Software

android

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2019-13096 2019-07-22 14h14 +00:00 TronLink Wallet 2.2.0 stores user wallet keystore in plaintext and places them in insecure storage. An attacker can read and reuse the user keystore of a valid user via /data/data/com.tronlink.wallet/shared_prefs/.xml to gain unauthorized access.
9.8
Critique
CVE-2019-13098 2019-07-22 13h52 +00:00 The user password via the registration form of TronLink Wallet 2.2.0 is stored in the log when the class CreateWalletTwoActivity is called. Other authenticated users can read it in the log later. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 (Jelly Bean), the log data is not sandboxed per application; any application installed on the device has the capability to read data logged by other applications.
6.5
Moyen