172 – Insecure service configuration - App Backup
Description
The application has the backup option active, which allows an attacker who has access to a users device to obtain the information stored by the application inside the device.
Impact
Obtain confidential user and application information.
Recommendation
Unless absolutely necessary, the application should not allow to backup itself.
Threat
Anonymous attacker with local access to a users device.
Expected Remediation Time
Score 4.0
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
- Attack vector: L
- Attack complexity: H
- Attack Requirements: N
- Privileges required: N
- User interaction: N
- Confidentiality (VC): L
- Integrity (VI): N
- Availability (VA): N
- Confidentiality (SC): N
- Integrity (SI): N
- Availability (SA): N
Threat 4.0
- Exploit maturity: X