Vulnerabilities > CVE-2017-5249 - Insecure Storage of Sensitive Information vulnerability in Wink 6.1.0.19

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

wink

CWE-922

NVD

Published: 2018-02-22

Updated: 2019-10-09

Summary

In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner.

Vulnerable Configurations

Part	Description	Count
Application	Wink Wink Wink 6.1.0.19	1

Common Weakness Enumeration (CWE)

CWE-922 - Insecure Storage of Sensitive Information

References

https://blog.rapid7.com/2017/09/22/multiple-vulnerabilities-in-wink-and-insteon-smart-home-systems/