The Bitpie application through 3.2.4 for Android and iOS uses cleartext storage for digital currency initial keys, which allows local users to steal currency by leveraging root access to read /com.biepie/shared_prefs/com.bitpie_preferences.xml (on Android) or a plist file in the app data folder (on iOS).
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Bitcoin_wallet | Bitpie | * | 3.2.4 (including) |