202 – Unauthorized access to files - Debug APK

Description

The debug APK is available to anyone on the Internet.

Impact

- Host an APK in AWS. - Download the debug APK without any authentication, being able to analyze the application and find vulnerabilities easily.

Recommendation

Protect the APK behind some kind of authentication.

Threat

Anonymous attacker from the Internet.

Expected Remediation Time

60 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: N
• Attack complexity: L
• Attack Requirements: N
• Privileges required: N
• User interaction: N
• Confidentiality (VC): L
• Integrity (VI): N
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: X

Requirements

• 096 - Set user's required privileges
• 176 - Restrict system objects
• 264 - Request authentication
• 320 - Avoid client-side control enforcement

Fixes

• Aws

Last updated

2024/02/16