Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CWE-276: Incorrect Default Permissions #309

Open
wojciodataist opened this issue Feb 20, 2024 · 1 comment
Open

CWE-276: Incorrect Default Permissions #309

wojciodataist opened this issue Feb 20, 2024 · 1 comment

Comments

@wojciodataist
Copy link

Hi,

I'm performing a security tests on an android mobile app that uses android-checkout-sdk.
While doing code analysis of the app I've stumbled upon an issue with: The file or SharedPreference is World Writable. Any App can write to the file which is a standard of:
CWE-276: Incorrect Default Permissions
OWASP Top 10: M2: Insecure Data Storage
OWASP MASVS: MSTG-STORAGE-2

The issue is stored in com/paypal/pyplcheckout/data/repositories/cache/Cache.java

Is this something that we should take care of on our side? If so, then maybe you have some suggestions what can be done?
@github-actions GitHub Actions
Copy link

Thank you for reaching out to the Native Checkout SDK team. This integration path is now inactive for new merchants.
If you are an existing merchant, please contact us here for further assistance.

New merchants can integrate the Native Checkout experience via the Braintree Android SDK or PayPal Android SDK.
For more information please see their respective developer documentation linked below.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@wojciodataist