Vulnerabilities > CVE-2017-16560 - Insecure Storage of Sensitive Information vulnerability in Sandisk Secureaccess 3.01

CVSS 4.3 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

low complexity

sandisk

CWE-922

NVD

Published: 2017-11-16

Updated: 2023-11-07

Summary

SanDisk Secure Access 3.01 vault decrypts and copies encrypted files to a temporary folder, where they can remain indefinitely in certain situations, such as if the file is being edited when the user exits the application or if the application crashes.

Vulnerable Configurations

Part	Description	Count
Application	Sandisk Sandisk Secureaccess 3.01	1

Common Weakness Enumeration (CWE)

CWE-922 - Insecure Storage of Sensitive Information

References

https://medium.com/%40esterling_/cve-2017-16560-sandisk-secure-access-leaves-plain-text-copies-of-files-on-disk-4eabeca6bdbc