Citi Mobile Local File Storage May Disclose Potentially Sensitive Information to Local Users
|
|
SecurityTracker Alert ID: 1024249 |
|
SecurityTracker URL: http://securitytracker.com/id/1024249
|
|
CVE Reference:
CVE-2010-2913
(Links to External Site)
|
Updated: Aug 5 2010
|
Original Entry Date: Jul 27 2010
|
Impact:
Disclosure of authentication information, Disclosure of user information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 2.0.3
|
Description:
A vulnerability was reported in Citi Mobile. A local user can obtain potentially sensitive account information.
The application stores potentially sensitive information in a hidden file on the device, including account numbers, bill payments, and security access codes. A local user may be able to access the information.
If the device data is backed up via iTunes, a local user on the system hosting iTunes may also be able to access the information.
|
Impact:
A local user can obtain potentially sensitive account information, including account numbers, bill payments, and security access codes.
|
Solution:
The vendor has issued a fix (2.0.3).
The vendor's advisory is available at:
http://itunes.apple.com/us/app/citi-mobile-sm/id301724680?mt=8
|
Vendor URL: www.citibank.com/ (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
iOS
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 27 Jul 2010 03:33:29 +0000
Subject: Citi Mobile
|
http://itunes.apple.com/us/app/citi-mobile-sm/id301724680?mt=8
|
|
