Cleartext Storage of Digital Currency Initial Keys in Bitpie Application

Cleartext Storage of Digital Currency Initial Keys in Bitpie Application

CVE-2018-10812 · LOW Severity

AV:L/AC:M/AU:N/C:P/I:N/A:N

The Bitpie application through 3.2.4 for Android and iOS uses cleartext storage for digital currency initial keys, which allows local users to steal currency by leveraging root access to read /com.biepie/shared_prefs/com.bitpie_preferences.xml (on Android) or a plist file in the app data folder (on iOS).

Learn more about our Cis Benchmark Audit For Apple Ios.