Insecure Storage of Confidential Information in Send Anywhere Android App

Insecure Storage of Confidential Information in Send Anywhere Android App

CVE-2019-13100 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

The Send Anywhere application 9.4.18 for Android stores confidential information insecurely on the system (i.e., in cleartext), which allows a non-root user to find out the username/password of a valid user via /data/data/com.estmob.android.sendanywhere/shared_prefs/sendanywhere_device.xml.

Learn more about our Cis Benchmark Audit For Google Android.