CVE-2017-5250 - In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the app

CVE-2017-5250

Summary

In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner.

References

https://blog.rapid7.com/2017/09/22/multiple-vulnerabilities-in-wink-and-insteon-smart-home-systems/

Vulnerable Configurations

cpe:2.3:a:insteon:insteon_for_hub:*:*:*:*:*:android:*:*
cpe:2.3:a:insteon:insteon_for_hub:*:*:*:*:*:android:*:*

CVSS

Base:	5.0 (as of 09-10-2019 - 23:28)
Impact:
Exploitability:

CWE

CWE-922

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

misc

https://blog.rapid7.com/2017/09/22/multiple-vulnerabilities-in-wink-and-insteon-smart-home-systems/

Last major update

09-10-2019 - 23:28

Published

22-02-2018 - 16:29

Last modified

09-10-2019 - 23:28