173 – Insecure service configuration - Backup
Description
The mobile application is allowed to backup the application data stored on the device, allowing information leaks to occur.
Impact
Obtain confidential information from the application.
Recommendation
Securely configure the service so that it does not allow data backups.
Threat
Unauthenticated attacker with physical access to mobile device.
Expected Remediation Time
Score 4.0
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
- Attack vector: P
- Attack complexity: L
- Attack Requirements: N
- Privileges required: N
- User interaction: N
- Confidentiality (VC): L
- Integrity (VI): N
- Availability (VA): N
- Confidentiality (SC): N
- Integrity (SI): N
- Availability (SA): N
Threat 4.0
- Exploit maturity: P