CVE-2020-35455

7.8 HIGH

📋 TL;DR

The Taidii Diibear Android application versions 2.4.0 and derivatives store user credentials insecurely in Shared Preferences and SQLite databases, allowing attackers with physical or malware access to the device to extract login information. This affects all users of the vulnerable application versions on Android devices.

💻 Affected Systems

Products:
  • Taidii Diibear Android application
Versions: 2.4.0 and all derivatives
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable by default as insecure storage is inherent to the application design.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers gain full access to user accounts, potentially compromising sensitive personal data or financial information, or enabling identity theft and unauthorized transactions.

🟠 Likely Case: Local attackers or malware on the device extract the stored credentials, leading to account takeover and potential data exposure.

🟢 If Mitigated: With proper credential encryption and secure storage practices, credentials remain protected even if local storage is accessed.

🌐 Internet-Facing: LOW - This is primarily a local storage vulnerability requiring access to the device.
🏢 Internal Only: HIGH - Malware or malicious apps on the device can easily extract credentials from insecure storage.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires local access to the device or malware installation. Public GitHub repository demonstrates credential extraction techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found

Restart Required: No

Instructions:

1. Check Google Play Store for application updates.
2. If no update is available, uninstall the application until a secure version is released.

🔧 Temporary Workarounds

Uninstall vulnerable application (platform: android)

Remove the Taidii Diibear application from affected devices:

adb uninstall com.taidii.diibear

Disable application permissions (platform: android)

Revoke all permissions from the application in Android settings.

🧯 If You Can't Patch

  • Isolate affected devices from sensitive networks and data
  • Monitor for suspicious account activity and implement multi-factor authentication where possible

🔍 How to Verify

Check if Vulnerable:

Check the application version in Android settings or the Google Play Store. If the version is 2.4.0 or an unknown derivative, assume it is vulnerable.

Check Version:

adb shell dumpsys package com.taidii.diibear | grep versionName

Verify Fix Applied:

Verify application has been updated to a version later than 2.4.0 or has been removed from the device.

📡 Detection & Monitoring

Log Indicators:

  • Unusual access to application data directories
  • Suspicious file reads from /data/data/com.taidii.diibear/

Network Indicators:

  • Unexpected authentication attempts from new devices
  • Account login from unusual locations

SIEM Query:

process:adb AND (command:shell OR command:pull) AND path:*com.taidii.diibear*
