CVE-2017-5250
First published: Thu Feb 22 2018(Updated: )
In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner.
Credit: cve@rapid7.con
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Insteon Hub | <=1.9.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-5250?
CVE-2017-5250 has a medium-level severity due to improper storage of the OAuth token.
How do I fix CVE-2017-5250?
To fix CVE-2017-5250, update the Insteon for Hub Android app to version 1.9.8 or later.
What is CVE-2017-5250 about?
CVE-2017-5250 pertains to the insecure storage of OAuth tokens in the Insteon for Hub Android app.
Which versions of Insteon for Hub are affected by CVE-2017-5250?
Versions 1.9.7 and prior of Insteon for Hub are affected by CVE-2017-5250.
Is the Insteon for Hub Android app vulnerable to data leaks due to CVE-2017-5250?
Yes, CVE-2017-5250 may lead to potential data leaks due to improper security of user access tokens.
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/references
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/insteon
- canonical/insteon hub
- version/insteon hub/1.9.7