CVE-2018-10812

low-risk
Published 2018-05-08

The Bitpie application through 3.2.4 for Android and iOS uses cleartext storage for digital currency initial keys, which allows local users to steal currency by leveraging root access to read /com.biepie/shared_prefs/com.bitpie_preferences.xml (on Android) or a plist file in the app data folder (on iOS).

Do I need to act?

-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.1/10 Medium
LOCAL / HIGH complexity

Affected Products (2)

Bitcoin Wallet
Bitcoin Wallet

Affected Vendors

Bitpie

References (3)

Broken Link https://github.com/edwardz246003/misc/blob/master/Bitpie.md
Third Party Advisory https://github.com/edwardz246003/misc/blob/master/Bitpie%20CVE-2018-10812..md
Broken Link https://github.com/edwardz246003/misc/blob/master/Bitpie.md
18
/ 100
low-risk
Severity 11/34 · Low
Exploitability 0/34 · Minimal
Exposure 7/34 · Low