Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1717

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2011-1717
Last Modified 11 May 2011 03:25:44
Published 18 Apr 2011 02:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2011-1717

Summary

Skype for Android stores sensitive user data without encryption in sqlite3 databases that have weak permissions, which allows local applications to read user IDs, contacts, phone numbers, date of birth, instant message logs, and other private information.

Vulnerable Systems

Application

  • Skype For Android


References

MISC - http://www.theregister.co.uk/2011/04/15/skype_for_android_vulnerable/

SECTRACK - 1025387

MISC - http://www.androidpolice.com/2011/04/14/exclusive-vulnerability-in-skype-for-android-is-exposing-your-name-phone-number-chat-logs-and-a-lot-more/

CONFIRM - http://blogs.skype.com/security/2011/04/privacy_vulnerability_in_skype.html


Last Updated: 27 May 2016 10:56:24