CVE-2017-20200 (GCVE-0-2017-20200)
Vulnerability from cvelistv5
Published
2025-09-23 14:02
Modified
2025-09-23 14:55
Severity ?
2.9 (Low) - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RC:C
3.7 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RC:C
CWE
  • CWE-319 - Cleartext Transmission of Sensitive Information
  • CWE-310 - Cryptographic Issues
Summary
A vulnerability has been found in Coinomi up to 1.7.6. This issue affects some unknown processing. Such manipulation leads to cleartext transmission of sensitive information. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. The exploit has been disclosed to the public and may be used. The vendor replied with: "(...) there isn't any security implication associated with your findings."
References
cna@vuldb.comhttps://vuldb.com/?ctiid.325143
cna@vuldb.comhttps://vuldb.com/?id.325143
cna@vuldb.comhttps://vuldb.com/?submit.653875
cna@vuldb.comhttps://web.archive.org/web/20171013065745/https://github.com/Coinomi/coinomi-android/issues/213
cna@vuldb.comhttps://web.archive.org/web/20171013065745/https://github.com/Coinomi/coinomi-android/issues/213#issuecomment-332371549
cna@vuldb.comhttps://www.reddit.com/r/Bitcoin/comments/72yvnj/so_coinomis_official_response_on_the/
cna@vuldb.comhttps://www.reddit.com/r/CryptoCurrency/comments/72osq7/security_warning_coinomi_wallet_transmits_all/dnkhpob/
Impacted products
Vendor Product Version
n/a Coinomi Version: 1.7.0
Version: 1.7.1
Version: 1.7.2
Version: 1.7.3
Version: 1.7.4
Version: 1.7.5
Version: 1.7.6
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-20200",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-23T14:54:17.895560Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-23T14:55:15.540Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Coinomi",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "1.7.0"
            },
            {
              "status": "affected",
              "version": "1.7.1"
            },
            {
              "status": "affected",
              "version": "1.7.2"
            },
            {
              "status": "affected",
              "version": "1.7.3"
            },
            {
              "status": "affected",
              "version": "1.7.4"
            },
            {
              "status": "affected",
              "version": "1.7.5"
            },
            {
              "status": "affected",
              "version": "1.7.6"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Luke Childs"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "lukechilds (VulDB User)"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "lukechilds (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in Coinomi up to 1.7.6. This issue affects some unknown processing. Such manipulation leads to cleartext transmission of sensitive information. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. The exploit has been disclosed to the public and may be used. The vendor replied with: \"(...) there isn\u0027t any security implication associated with your findings.\""
        },
        {
          "lang": "de",
          "value": "In Coinomi up to 1.7.6 ist eine Schwachstelle entdeckt worden. Betroffen hiervon ist ein unbekannter Ablauf. Durch das Manipulieren mit unbekannten Daten kann eine cleartext transmission of sensitive information-Schwachstelle ausgenutzt werden. Der Angriff kann remote ausgef\u00fchrt werden. Das Durchf\u00fchren eines Angriffs ist mit einer relativ hohen Komplexit\u00e4t verbunden. Das Ausnutzen gilt als schwierig. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 2.6,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "Cleartext Transmission of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-310",
              "description": "Cryptographic Issues",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-23T14:02:19.103Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-325143 | Coinomi cleartext transmission",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.325143"
        },
        {
          "name": "VDB-325143 | CTI Indicators (IOB, IOC, TTP)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.325143"
        },
        {
          "name": "Submit #653875 | COINOMI LTD Coinomi \u003c=1.7.6 Cleartext Transmission of Sensitive Information (information dis",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.653875"
        },
        {
          "tags": [
            "broken-link",
            "issue-tracking"
          ],
          "url": "https://web.archive.org/web/20171013065745/https://github.com/Coinomi/coinomi-android/issues/213"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://www.reddit.com/r/CryptoCurrency/comments/72osq7/security_warning_coinomi_wallet_transmits_all/dnkhpob/"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://web.archive.org/web/20171013065745/https://github.com/Coinomi/coinomi-android/issues/213#issuecomment-332371549"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://www.reddit.com/r/Bitcoin/comments/72yvnj/so_coinomis_official_response_on_the/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2017-11-08T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-09-21T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-09-22T07:02:33.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Coinomi cleartext transmission"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2017-20200",
    "datePublished": "2025-09-23T14:02:19.103Z",
    "dateReserved": "2025-09-21T09:06:53.101Z",
    "dateUpdated": "2025-09-23T14:55:15.540Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-20200\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2025-09-23T14:15:35.257\",\"lastModified\":\"2025-09-24T18:11:24.520\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been found in Coinomi up to 1.7.6. This issue affects some unknown processing. Such manipulation leads to cleartext transmission of sensitive information. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. The exploit has been disclosed to the public and may be used. The vendor replied with: \\\"(...) there isn\u0027t any security implication associated with your findings.\\\"\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":3.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:N/A:N\",\"baseScore\":2.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":4.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-310\"},{\"lang\":\"en\",\"value\":\"CWE-319\"}]}],\"references\":[{\"url\":\"https://vuldb.com/?ctiid.325143\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?id.325143\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?submit.653875\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://web.archive.org/web/20171013065745/https://github.com/Coinomi/coinomi-android/issues/213\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://web.archive.org/web/20171013065745/https://github.com/Coinomi/coinomi-android/issues/213#issuecomment-332371549\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://www.reddit.com/r/Bitcoin/comments/72yvnj/so_coinomis_official_response_on_the/\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://www.reddit.com/r/CryptoCurrency/comments/72osq7/security_warning_coinomi_wallet_transmits_all/dnkhpob/\",\"source\":\"cna@vuldb.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2017-20200\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-23T14:54:17.895560Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-23T14:55:11.845Z\"}}], \"cna\": {\"title\": \"Coinomi cleartext transmission\", \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Luke Childs\"}, {\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"lukechilds (VulDB User)\"}, {\"lang\": \"en\", \"type\": \"analyst\", \"value\": \"lukechilds (VulDB User)\"}], \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 6.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P\"}}, {\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 3.7, \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:C\"}}, {\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 3.7, \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:C\"}}, {\"cvssV2_0\": {\"version\": \"2.0\", \"baseScore\": 2.6, \"vectorString\": \"AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:C\"}}], \"affected\": [{\"vendor\": \"n/a\", \"product\": \"Coinomi\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.7.0\"}, {\"status\": \"affected\", \"version\": \"1.7.1\"}, {\"status\": \"affected\", \"version\": \"1.7.2\"}, {\"status\": \"affected\", \"version\": \"1.7.3\"}, {\"status\": \"affected\", \"version\": \"1.7.4\"}, {\"status\": \"affected\", \"version\": \"1.7.5\"}, {\"status\": \"affected\", \"version\": \"1.7.6\"}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2017-11-08T00:00:00.000Z\", \"value\": \"Advisory disclosed\"}, {\"lang\": \"en\", \"time\": \"2025-09-21T02:00:00.000Z\", \"value\": \"VulDB entry created\"}, {\"lang\": \"en\", \"time\": \"2025-09-22T07:02:33.000Z\", \"value\": \"VulDB entry last update\"}], \"references\": [{\"url\": \"https://vuldb.com/?id.325143\", \"name\": \"VDB-325143 | Coinomi cleartext transmission\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://vuldb.com/?ctiid.325143\", \"name\": \"VDB-325143 | CTI Indicators (IOB, IOC, TTP)\", \"tags\": [\"signature\", \"permissions-required\"]}, {\"url\": \"https://vuldb.com/?submit.653875\", \"name\": \"Submit #653875 | COINOMI LTD Coinomi \u003c=1.7.6 Cleartext Transmission of Sensitive Information (information dis\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://web.archive.org/web/20171013065745/https://github.com/Coinomi/coinomi-android/issues/213\", \"tags\": [\"broken-link\", \"issue-tracking\"]}, {\"url\": \"https://www.reddit.com/r/CryptoCurrency/comments/72osq7/security_warning_coinomi_wallet_transmits_all/dnkhpob/\", \"tags\": [\"related\"]}, {\"url\": \"https://web.archive.org/web/20171013065745/https://github.com/Coinomi/coinomi-android/issues/213#issuecomment-332371549\", \"tags\": [\"exploit\", \"issue-tracking\"]}, {\"url\": \"https://www.reddit.com/r/Bitcoin/comments/72yvnj/so_coinomis_official_response_on_the/\", \"tags\": [\"related\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability has been found in Coinomi up to 1.7.6. This issue affects some unknown processing. Such manipulation leads to cleartext transmission of sensitive information. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. The exploit has been disclosed to the public and may be used. The vendor replied with: \\\"(...) there isn\u0027t any security implication associated with your findings.\\\"\"}, {\"lang\": \"de\", \"value\": \"In Coinomi up to 1.7.6 ist eine Schwachstelle entdeckt worden. Betroffen hiervon ist ein unbekannter Ablauf. Durch das Manipulieren mit unbekannten Daten kann eine cleartext transmission of sensitive information-Schwachstelle ausgenutzt werden. Der Angriff kann remote ausgef\\u00fchrt werden. Das Durchf\\u00fchren eines Angriffs ist mit einer relativ hohen Komplexit\\u00e4t verbunden. Das Ausnutzen gilt als schwierig. Der Exploit ist \\u00f6ffentlich verf\\u00fcgbar und k\\u00f6nnte genutzt werden.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-319\", \"description\": \"Cleartext Transmission of Sensitive Information\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-310\", \"description\": \"Cryptographic Issues\"}]}], \"providerMetadata\": {\"orgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"shortName\": \"VulDB\", \"dateUpdated\": \"2025-09-23T14:02:19.103Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2017-20200\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-09-23T14:55:15.540Z\", \"dateReserved\": \"2025-09-21T09:06:53.101Z\", \"assignerOrgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"datePublished\": \"2025-09-23T14:02:19.103Z\", \"assignerShortName\": \"VulDB\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.