{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2017-20200", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-09-21T09:06:53.101Z", "datePublished": "2025-09-23T14:02:19.103Z", "dateUpdated": "2025-09-23T14:55:15.540Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-09-23T14:02:19.103Z"}, "title": "Coinomi cleartext transmission", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-319", "lang": "en", "description": "Cleartext Transmission of Sensitive Information"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-310", "lang": "en", "description": "Cryptographic Issues"}]}], "affected": [{"vendor": "n/a", "product": "Coinomi", "versions": [{"version": "1.7.0", "status": "affected"}, {"version": "1.7.1", "status": "affected"}, {"version": "1.7.2", "status": "affected"}, {"version": "1.7.3", "status": "affected"}, {"version": "1.7.4", "status": "affected"}, {"version": "1.7.5", "status": "affected"}, {"version": "1.7.6", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Coinomi up to 1.7.6. This issue affects some unknown processing. Such manipulation leads to cleartext transmission of sensitive information. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. The exploit has been disclosed to the public and may be used. The vendor replied with: \"(...) there isn't any security implication associated with your findings.\""}, {"lang": "de", "value": "In Coinomi up to 1.7.6 ist eine Schwachstelle entdeckt worden. Betroffen hiervon ist ein unbekannter Ablauf. Durch das Manipulieren mit unbekannten Daten kann eine cleartext transmission of sensitive information-Schwachstelle ausgenutzt werden. Der Angriff kann remote ausgef\u00fchrt werden. Das Durchf\u00fchren eines Angriffs ist mit einer relativ hohen Komplexit\u00e4t verbunden. Das Ausnutzen gilt als schwierig. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.3, "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:C", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.7, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:C", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:C"}}], "timeline": [{"time": "2017-11-08T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-09-21T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-09-22T07:02:33.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Luke Childs", "type": "finder"}, {"lang": "en", "value": "lukechilds (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "lukechilds (VulDB User)", "type": "analyst"}], "references": [{"url": "https://vuldb.com/?id.325143", "name": "VDB-325143 | Coinomi cleartext transmission", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.325143", "name": "VDB-325143 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.653875", "name": "Submit #653875 | COINOMI LTD Coinomi <=1.7.6 Cleartext Transmission of Sensitive Information (information dis", "tags": ["third-party-advisory"]}, {"url": "https://web.archive.org/web/20171013065745/https://github.com/Coinomi/coinomi-android/issues/213", "tags": ["broken-link", "issue-tracking"]}, {"url": "https://www.reddit.com/r/CryptoCurrency/comments/72osq7/security_warning_coinomi_wallet_transmits_all/dnkhpob/", "tags": ["related"]}, {"url": "https://web.archive.org/web/20171013065745/https://github.com/Coinomi/coinomi-android/issues/213#issuecomment-332371549", "tags": ["exploit", "issue-tracking"]}, {"url": "https://www.reddit.com/r/Bitcoin/comments/72yvnj/so_coinomis_official_response_on_the/", "tags": ["related"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-23T14:54:17.895560Z", "id": "CVE-2017-20200", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-23T14:55:15.540Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2017-20200", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-23T14:54:17.895560Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-23T14:55:11.845Z"}}], "cna": {"title": "Coinomi cleartext transmission", "credits": [{"lang": "en", "type": "finder", "value": "Luke Childs"}, {"lang": "en", "type": "reporter", "value": "lukechilds (VulDB User)"}, {"lang": "en", "type": "analyst", "value": "lukechilds (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:C"}}], "affected": [{"vendor": "n/a", "product": "Coinomi", "versions": [{"status": "affected", "version": "1.7.0"}, {"status": "affected", "version": "1.7.1"}, {"status": "affected", "version": "1.7.2"}, {"status": "affected", "version": "1.7.3"}, {"status": "affected", "version": "1.7.4"}, {"status": "affected", "version": "1.7.5"}, {"status": "affected", "version": "1.7.6"}]}], "timeline": [{"lang": "en", "time": "2017-11-08T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-09-21T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-09-22T07:02:33.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.325143", "name": "VDB-325143 | Coinomi cleartext transmission", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.325143", "name": "VDB-325143 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.653875", "name": "Submit #653875 | COINOMI LTD Coinomi <=1.7.6 Cleartext Transmission of Sensitive Information (information dis", "tags": ["third-party-advisory"]}, {"url": "https://web.archive.org/web/20171013065745/https://github.com/Coinomi/coinomi-android/issues/213", "tags": ["broken-link", "issue-tracking"]}, {"url": "https://www.reddit.com/r/CryptoCurrency/comments/72osq7/security_warning_coinomi_wallet_transmits_all/dnkhpob/", "tags": ["related"]}, {"url": "https://web.archive.org/web/20171013065745/https://github.com/Coinomi/coinomi-android/issues/213#issuecomment-332371549", "tags": ["exploit", "issue-tracking"]}, {"url": "https://www.reddit.com/r/Bitcoin/comments/72yvnj/so_coinomis_official_response_on_the/", "tags": ["related"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Coinomi up to 1.7.6. This issue affects some unknown processing. Such manipulation leads to cleartext transmission of sensitive information. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. The exploit has been disclosed to the public and may be used. The vendor replied with: \"(...) there isn't any security implication associated with your findings.\""}, {"lang": "de", "value": "In Coinomi up to 1.7.6 ist eine Schwachstelle entdeckt worden. Betroffen hiervon ist ein unbekannter Ablauf. Durch das Manipulieren mit unbekannten Daten kann eine cleartext transmission of sensitive information-Schwachstelle ausgenutzt werden. Der Angriff kann remote ausgef\u00fchrt werden. Das Durchf\u00fchren eines Angriffs ist mit einer relativ hohen Komplexit\u00e4t verbunden. Das Ausnutzen gilt als schwierig. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-319", "description": "Cleartext Transmission of Sensitive Information"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-310", "description": "Cryptographic Issues"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-09-23T14:02:19.103Z"}}}, "cveMetadata": {"cveId": "CVE-2017-20200", "state": "PUBLISHED", "dateUpdated": "2025-09-23T14:55:15.540Z", "dateReserved": "2025-09-21T09:06:53.101Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-09-23T14:02:19.103Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Coinomi up to 1.7.6. This issue affects some unknown processing. Such manipulation leads to cleartext transmission of sensitive information. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. The exploit has been disclosed to the public and may be used. The vendor replied with: \"(...) there isn't any security implication associated with your findings.\""}], "id": "CVE-2017-20200", "lastModified": "2025-09-24T18:11:24.520", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "[email protected]", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-09-23T14:15:35.257", "references": [{"source": "[email protected]", "url": "https://vuldb.com/?ctiid.325143"}, {"source": "[email protected]", "url": "https://vuldb.com/?id.325143"}, {"source": "[email protected]", "url": "https://vuldb.com/?submit.653875"}, {"source": "[email protected]", "url": "https://web.archive.org/web/20171013065745/https://github.com/Coinomi/coinomi-android/issues/213"}, {"source": "[email protected]", "url": "https://web.archive.org/web/20171013065745/https://github.com/Coinomi/coinomi-android/issues/213#issuecomment-332371549"}, {"source": "[email protected]", "url": "https://www.reddit.com/r/Bitcoin/comments/72yvnj/so_coinomis_official_response_on_the/"}, {"source": "[email protected]", "url": "https://www.reddit.com/r/CryptoCurrency/comments/72osq7/security_warning_coinomi_wallet_transmits_all/dnkhpob/"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}, {"lang": "en", "value": "CWE-319"}], "source": "[email protected]", "type": "Primary"}]}

{}