Unauthorized access to files - Debug APK
Description
The debug APK is available to anyone on the Internet.
Impact
- Host an APK in AWS. - Download the debug APK without any authentication, being able to analyze the application and find vulnerabilities easily.
Recommendation
Protect the APK behind some kind of authentication.
Threat
Anonymous attacker from the Internet.
Expected Remediation Time
⏱️ 60 minutes.
Requirements
096 - Set user's required privileges176 - Restrict system objects264 - Request authentication320 - Avoid client-side control enforcementFixes
Score
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
Attack vector
N
Attack complexity
L
Attack requirements
N
Privileges required
N
User interaction
N
Confidentiality (VC)
L
Integrity (VI)
N
Availability (VA)
N
Confidentiality (SC)
N
Integrity (SI)
N
Availability (SA)
N
Threat 4.0
Exploit maturity
X
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N