CVE-2020-35455

HIGH

Taidii Diibear 2.4.0 - Cleartext Storage of Sensitive Information in Shared Preferences and SQLite Database

Title source: llm

Description

The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from Shared Preferences and the SQLite database because of insecure data storage.

References (2)

Core 2

Core References

Product, Third Party Advisory x_refsource_misc

https://play.google.com/store/apps/details?id=com.taidii.diibear&hl=en_US&gl=US

Third Party Advisory x_refsource_misc

https://github.com/galapogos/Taidii-Diibear-Vulnerabilities/

View Writeup ZIP pw:eip

Scores

CVSS v3 7.8

EPSS 0.0024

EPSS Percentile 14.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-312

Status published

Products (1)

taidii/diibear 2.4.0

Published Mar 17, 2021

Tracked Since Feb 18, 2026