ID CVE-2018-19981
Summary Amazon AWS SDK <=2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. An attacker can use these credentials to create authenticated and/or authorized requests. Note that the attacker must have "root" privilege access to the Android filesystem in order to exploit this vulnerability (i.e. the device has been compromised, such as disabling or bypassing Android's fundamental security mechanisms).
References
Vulnerable Configurations
  • cpe:2.3:a:amazon:aws_software_development_kit:2.0.5:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.1.0:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.1.1:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.1.7:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.1.8:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.1.9:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.1.10:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.2.0:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.2.1:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.2.2:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.2.3:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.2.4:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.2.5:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.2.6:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.2.7:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.2.8:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.2.9:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.2.10:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.2.11:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.2.12:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.2.13:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.2.14:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.2.15:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.2.16:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.2.17:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.2.18:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.2.19:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.2.20:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.2.21:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.2.22:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.3.0:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.3.1:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.3.2:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.3.3:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.3.4:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.3.5:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.3.6:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.3.7:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.3.8:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.3.9:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.4.0:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.4.1:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.4.2:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.4.3:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.4.4:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.4.5:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.4.6:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.4.7:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.6.0:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.6.1:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.6.2:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.6.3:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.6.4:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.6.5:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.6.6:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.6.7:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.6.8:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.6.9:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.6.10:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.6.11:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.6.12:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.6.13:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.6.14:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.6.15:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.6.16:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.6.17:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.6.18:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.6.19:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.6.20:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.6.21:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.6.22:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.6.23:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.6.24:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.6.25:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.6.26:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.6.27:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.6.28:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.6.29:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.6.30:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.6.31:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.7.0:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.7.1:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.7.2:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.7.3:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.7.4:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.7.5:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.7.6:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.7.7:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.8.0:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.8.1:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.8.2:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.8.3:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.8.4:*:*:*:*:android:*:*
  • cpe:2.3:a:amazon:aws_software_development_kit:2.8.5:*:*:*:*:android:*:*
CVSS
Base: 9.0 (as of 10-05-2021 - 16:20)
Impact:
Exploitability:
CWE CWE-312
CAPEC
  • Retrieve Embedded Sensitive Data
    An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: SINGLE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
cvss-vector via4 AV:N/AC:L/Au:S/C:C/I:C/A:C
refmap via4
misc
Last major update 10-05-2021 - 16:20
Published 04-04-2019 - 15:29
Last modified 10-05-2021 - 16:20