CVE-2011-1717
N/A
N/A
Summary
Skype for Android stores sensitive user data without encryption in sqlite3 databases that have weak permissions, which allows local applications to read user IDs, contacts, phone numbers, date of birth, instant message logs, and other private information.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.androidpolice.com/2011/04/14/exclusive-vulnerability-in-skype-for-android-is-exposing-your-name-phone-number-chat-logs-and-a-lot-more/
- http://blogs.skype.com/security/2011/04/privacy_vulnerability_in_skype.html
- http://www.theregister.co.uk/2011/04/15/skype_for_android_vulnerable/
- http://www.securitytracker.com/id?1025387
References
- http://www.androidpolice.com/2011/04/14/exclusive-vulnerability-in-skype-for-android-is-exposing-your-name-phone-number-chat-logs-and-a-lot-more/
- http://blogs.skype.com/security/2011/04/privacy_vulnerability_in_skype.html
- http://www.theregister.co.uk/2011/04/15/skype_for_android_vulnerable/
- http://www.securitytracker.com/id?1025387
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.