DerScanner
Home / Vulnerability Database / JavaScript : Unsafe internal storage
JavaScript

JavaScript : Unsafe internal storage

Classification

OWASP Top 10 2017
A3-Sensitive Data Exposure
OWASP Top 10 2021
A2-Cryptographic FailuresA4-Insecure Design
OWASP ASVS
Data Protection
CWE
CWE-312CWE-313CWE-922

Overview

The application insecurely stores sensitive information.

Async Storage - a module in React Native that provides asynchronous, unencrypted storage as a key-value pair.

Data in Async Storage is well isolated and protected from access to it from other apps. Despite this, an attacker with access to the device can get the contents of the sandbox and extract the data saved in Async Storage. It’s especially dangerous for devices with jailbreak (for iOS) and rooting (for Android).

References

  1. Security React Native
  2. OWASP Top Ten 2017 A3-Sensitive Data Exposure
  3. CWE-922: Insecure Storage of Sensitive Information
  4. CWE-312: Cleartext Storage of Sensitive Information
MEDIUM

DerScanner Severity Score

Do you want to fix JavaScript : Unsafe internal storage in your application?

See also

JavaScript

JavaScript : Null salt

JavaScript

JavaScript : Empty encryption key

JavaScript

JavaScript : Unsafe Azure access control