Vulnerabilities > CVE-2017-5250 - Insecure Storage of Sensitive Information vulnerability in Insteon for HUB 1.9.7

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

insteon

CWE-922

critical

NVD

Published: 2018-02-22

Updated: 2019-10-09

Summary

In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner.

Vulnerable Configurations

Part	Description	Count
Application	Insteon Insteon Insteon FOR HUB 1.9.7	1

Common Weakness Enumeration (CWE)

CWE-922 - Insecure Storage of Sensitive Information

References

https://blog.rapid7.com/2017/09/22/multiple-vulnerabilities-in-wink-and-insteon-smart-home-systems/