CVE Vulnerabilities

CVE-2021-25358

Plaintext Storage of a Password

Published: Apr 09, 2021 | Modified: Nov 21, 2024
CVSS 3.x
3.3
LOW
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

A vulnerability that stores IMSI values in an improper path prior to SMR APR-2021 Release 1 allows local attackers to access IMSI values without any permission via untrusted applications.

Weakness

The product stores a password in plaintext within resources such as memory or files.

Affected Software

Name Vendor Start Version End Version
Android Google 9.0 (including) 9.0 (including)
Android Google 10.0 (including) 10.0 (including)

Potential Mitigations

References