Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Insteon for Hub by Insteon

    CVE-2017-5250 (GCVE-0-2017-5250)

    Vulnerability from nvd – Published: 2018-02-22 16:00 – Updated: 2024-08-05 14:55
    VLAI
    Summary
    In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner.
    Severity
    No CVSS data available.
    CWE
    • CWE-922 - (Insecure Storage of Sensitive Information)
    Assigner
    References
    Impacted products
    Date Public
    2018-02-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:55:35.809Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.rapid7.com/2017/09/22/multiple-vulnerabilities-in-wink-and-insteon-smart-home-systems/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Insteon for Hub",
              "vendor": "Insteon",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.9.7"
                }
              ]
            }
          ],
          "datePublic": "2018-02-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In version 1.9.7 and prior of Insteon\u0027s Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-922",
                  "description": "CWE-922 (Insecure Storage of Sensitive Information)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-02-22T15:57:01.000Z",
            "orgId": "9974b330-7714-4307-a722-5648477acda7",
            "shortName": "rapid7"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.rapid7.com/2017/09/22/multiple-vulnerabilities-in-wink-and-insteon-smart-home-systems/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@rapid7.com",
              "ID": "CVE-2017-5250",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Insteon for Hub",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.9.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Insteon"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In version 1.9.7 and prior of Insteon\u0027s Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-922 (Insecure Storage of Sensitive Information)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://blog.rapid7.com/2017/09/22/multiple-vulnerabilities-in-wink-and-insteon-smart-home-systems/",
                  "refsource": "MISC",
                  "url": "https://blog.rapid7.com/2017/09/22/multiple-vulnerabilities-in-wink-and-insteon-smart-home-systems/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
        "assignerShortName": "rapid7",
        "cveId": "CVE-2017-5250",
        "datePublished": "2018-02-22T16:00:00.000Z",
        "dateReserved": "2017-01-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:55:35.809Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-5250 (GCVE-0-2017-5250)

    Vulnerability from cvelistv5 – Published: 2018-02-22 16:00 – Updated: 2024-08-05 14:55
    VLAI
    Summary
    In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner.
    Severity
    No CVSS data available.
    CWE
    • CWE-922 - (Insecure Storage of Sensitive Information)
    Assigner
    References
    Impacted products
    Date Public
    2018-02-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:55:35.809Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.rapid7.com/2017/09/22/multiple-vulnerabilities-in-wink-and-insteon-smart-home-systems/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Insteon for Hub",
              "vendor": "Insteon",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.9.7"
                }
              ]
            }
          ],
          "datePublic": "2018-02-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In version 1.9.7 and prior of Insteon\u0027s Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-922",
                  "description": "CWE-922 (Insecure Storage of Sensitive Information)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-02-22T15:57:01.000Z",
            "orgId": "9974b330-7714-4307-a722-5648477acda7",
            "shortName": "rapid7"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.rapid7.com/2017/09/22/multiple-vulnerabilities-in-wink-and-insteon-smart-home-systems/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@rapid7.com",
              "ID": "CVE-2017-5250",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Insteon for Hub",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.9.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Insteon"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In version 1.9.7 and prior of Insteon\u0027s Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-922 (Insecure Storage of Sensitive Information)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://blog.rapid7.com/2017/09/22/multiple-vulnerabilities-in-wink-and-insteon-smart-home-systems/",
                  "refsource": "MISC",
                  "url": "https://blog.rapid7.com/2017/09/22/multiple-vulnerabilities-in-wink-and-insteon-smart-home-systems/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
        "assignerShortName": "rapid7",
        "cveId": "CVE-2017-5250",
        "datePublished": "2018-02-22T16:00:00.000Z",
        "dateReserved": "2017-01-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:55:35.809Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }