Insecure Storage of Appwrite User Credentials in Appwrite CLI

Insecure Storage of Appwrite User Credentials in Appwrite CLI

CVE-2023-50974 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a ~/.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials.

Learn more about our User Device Pen Test.