DerScanner
Home / Vulnerability Database / Config files : Insecure permissions: write to external storage
Config files

Config files : Insecure permissions: write to external storage

Classification

OWASP Mobile Top 10 2014
M2-Insecure Data Storage
OWASP Mobile Top 10 2016
M2-Insecure Data Storage
HIPAA
§164.312 (c)(1)
CWE
CWE-250CWE-921
CWE/SANS Top 25 2011
CWE-250

Overview

The application writes data to an external storage device.

Files written to external storage device are readable by all applications and can be changed when the user connects the device to a computer in a USB drive mode. Besides, files stored in external storage will remain there even after the application is deleted. This can lead to a valuable data confidentiality loss.

References

  1. OWASP: Insecure Storage
  2. Storage Options - developer.android.com
  3. WRITE_EXTERNAL_STORAGE - developer.android.com
  4. CWE-250: Execution with Unnecessary Privileges
  5. CWE-921: Storage of Sensitive Data in a Mechanism without Access Control
MEDIUM

DerScanner Severity Score

Do you want to fix Config files : Insecure permissions: write to external storage in your application?

See also

Config files

Config files : Text4Shell Vulnerability

Config files

Config files : Incorrect directory deletion

Config files

Config files : Code injection