Title: [Java] CWE-312: Query to detect cleartext storage of sensitive information using Android SharedPreferences · Issue #205 · github/securitylab · GitHub
Open Graph Title: [Java] CWE-312: Query to detect cleartext storage of sensitive information using Android SharedPreferences · Issue #205 · github/securitylab
X Title: [Java] CWE-312: Query to detect cleartext storage of sensitive information using Android SharedPreferences · Issue #205 · github/securitylab
Description: CVE ID(s) List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the GitHub Advisory Database. Report Describe the vulnerability. Provide any information you think will help GitHub assess the imp...
Open Graph Description: CVE ID(s) List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the GitHub Advisory Database. Report Describe the vulnerability. Provide any information y...
X Description: CVE ID(s) List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the GitHub Advisory Database. Report Describe the vulnerability. Provide any information y...
Opengraph URL: https://github.com/github/securitylab/issues/205
X: @github
Domain: github.com
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"[Java] CWE-312: Query to detect cleartext storage of sensitive information using Android SharedPreferences","articleBody":"## CVE ID(s)\r\n\r\n*List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the [GitHub Advisory Database](https://github.com/advisories).*\r\n\r\n\r\n## Report\r\n\r\n*Describe the vulnerability. Provide any information you think will help GitHub assess the impact your query has on the open source community.*\r\n\u003ccode\u003eSharedPreferences\u003c/code\u003e is an Android API that stores application preferences using simple sets of data values. Almost every Android application uses this API. It allows to easily save, alter, and retrieve the values stored in \u003ccode\u003eSharedPreferences\u003c/code\u003e.\r\n\r\nHowever, sensitive information should not be saved in cleartext. Otherwise it can be accessed by any process or user on rooted devices, or can be disclosed through chained vulnerabilities e.g. unexpected access to its private storage through exposed components. Hundreds of GitHub repositories have this vulnerability of storing sensitive information in cleartext.\r\n\r\nThe query detects this issue and integrates with the existing core libraries. \r\n\r\nRelevant PR: [#4675](https://github.com/github/codeql/pull/4675)\r\n\r\n- [x] Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc). *We would love to have you spread the word about the good work you are doing*\r\n\r\n## Result(s)\r\n\r\n*Provide at least one useful result found by your query, on some revision of a real project.*\r\n\r\n- [zhuo_ning-iot-controller](https://github.com/dustss/zhuo_ning-iot-controller)\r\n","author":{"url":"https://github.com/luchua-bc","@type":"Person","name":"luchua-bc"},"datePublished":"2020-11-16T17:38:29.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":6},"url":"https://github.com/205/securitylab/issues/205"}
| route-pattern | /_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format) |
| route-controller | voltron_issues_fragments |
| route-action | issue_layout |
| fetch-nonce | v2:58d7cd24-b83c-b2da-2838-3b5c09576e43 |
| current-catalog-service-hash | 81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114 |
| request-id | DC9C:37F05C:24BBFF:357752:6A4D0A55 |
| html-safe-nonce | 534b9d804b49107495194c6a57d7f61fb51bef2654d2b764de4d01b02308d624 |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJEQzlDOjM3RjA1QzoyNEJCRkY6MzU3NzUyOjZBNEQwQTU1IiwidmlzaXRvcl9pZCI6Ijg4ODk1MDY5OTkzMTEzMzgwNjkiLCJyZWdpb25fZWRnZSI6ImlhZCIsInJlZ2lvbl9yZW5kZXIiOiJpYWQifQ== |
| visitor-hmac | cb1e762908a28837f517c4c0cec538fc80782f6f6c3b3252673550e0a76354ae |
| hovercard-subject-tag | issue:744030957 |
| github-keyboard-shortcuts | repository,issues,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/github/securitylab/205/issue_layout |
| twitter:image | https://opengraph.githubassets.com/458b088db3a0ce824ab751822e42bc7c5dba609646e667fd9418af13ad268883/github/securitylab/issues/205 |
| twitter:card | summary_large_image |
| og:image | https://opengraph.githubassets.com/458b088db3a0ce824ab751822e42bc7c5dba609646e667fd9418af13ad268883/github/securitylab/issues/205 |
| og:image:alt | CVE ID(s) List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the GitHub Advisory Database. Report Describe the vulnerability. Provide any information y... |
| og:image:width | 1200 |
| og:image:height | 600 |
| og:site_name | GitHub |
| og:type | object |
| og:author:username | luchua-bc |
| hostname | github.com |
| expected-hostname | github.com |
| None | 31e4db13a9e20081f2fac78f441659a6576e582bbb15e153f9c7fb6473aa29f5 |
| turbo-cache-control | no-preview |
| go-import | github.com/github/securitylab git https://github.com/github/securitylab.git |
| octolytics-dimension-user_id | 9919 |
| octolytics-dimension-user_login | github |
| octolytics-dimension-repository_id | 221101274 |
| octolytics-dimension-repository_nwo | github/securitylab |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 221101274 |
| octolytics-dimension-repository_network_root_nwo | github/securitylab |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | false |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | fb70bd3c4b2bec429781b65419e912c66e2d5581 |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width