CVE-2020-35454
MEDIUMTaidii Diibear 2.4.0 - Cleartext Storage of Sensitive Information in Android Backup
Title source: llmDescription
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from an Android backup because of insecure application configuration.
References (2)
Core 2
Core References
Product, Third Party Advisory x_refsource_misc
https://play.google.com/store/apps/details?id=com.taidii.diibear&hl=en_US&gl=US
Third Party Advisory x_refsource_misc
https://github.com/galapogos/Taidii-Diibear-Vulnerabilities/
Scores
CVSS v3
6.8
EPSS
0.0024
EPSS Percentile
14.3%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-312
Status
published
Products (1)
taidii/diibear
2.4.0
Published
Mar 17, 2021
Tracked Since
Feb 18, 2026