Security Advisory - Plaintext Storage of Users’ Safe Passwords in the Files APP in Huawei Mobile Phones

ID HUAWEI-SA-20170419-01-FILES
Type huawei
Reporter Huawei Technologies
Modified 2017-04-19T00:00:00


The Files APP in some Huawei mobile phones has a vulnerability of plaintext storage of users' Safe passwords. An attacker with the root privilege of an Android system could forge the Safe to read users' plaintext Safe passwords, leading to information leak. (Vulnerability ID: HWPSIRT-2017-03222) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-2723. Huawei has released software updates to fix this vulnerability. This advisory is available at the following link: