CVE-2019-13096

TronLink Wallet 2.2.0 stores user wallet keystore in plaintext and places them in insecure storage. An attacker can read and reuse the user keystore of a valid user via /data/data/com.tronlink.wallet/shared_prefs/<wallet-name>.xml to gain unauthorized access.
References
Link Resource
https://pastebin.com/raw/08REmV1X Exploit Third Party Advisory
https://pastebin.com/raw/J9B8Lh0j Exploit Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:tronlink:wallet:2.2.0:*:*:*:*:android:*:*

Information

Published : 2019-07-22 10:15

Updated : 2020-08-24 10:37


NVD link : CVE-2019-13096

Mitre link : CVE-2019-13096


JSON object : View

CWE
CWE-312

Cleartext Storage of Sensitive Information

Advertisement

dedicated server usa

Products Affected

tronlink

  • wallet