Synopsis
The list of whitelistedWebsites (enabled dApps) is kept unencrypted in storage.local, which is written in plaintext to the filesystem as a LevelDB file. An attacker can alter this file to register a website as whitelisted without user interaction. Because the list of authorized websites functions as a security control for the wallet, maintaining the integrity of the data using an authenticated encryption scheme is critical to the security of the user.
Impact
An attacker with write access to the filesystem can add a website to the whitelistedWebsites list without user interaction. This would enable the attacker to perform the attack discussed in Issue A, as well as to learn private data relating to the user account, such as addresses.
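The integrity control the synopsis calls for can be sketched as follows. This is an added example, not code from the wallet or from the audit report: it seals the list with AES-256-GCM before it is written and fails closed to an empty whitelist when the stored record does not verify. The function names, the scrypt-derived key, and the sample password, salt and URLs are assumptions constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Storage key name, bound as associated data so a sealed record written for
// one key cannot be replayed under another.
const AAD = Buffer.from('whitelistedWebsites');

// Assumption: the key is derived from the user's wallet password and is never
// written next to the data it protects.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

function sealWhitelist(key, sites) {
  const iv = crypto.randomBytes(12); // fresh nonce for every write
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(AAD);
  const ct = Buffer.concat([cipher.update(JSON.stringify(sites), 'utf8'), cipher.final()]);
  return {
    iv: iv.toString('base64'),
    ct: ct.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
  };
}

// Returns the site list, or throws if the record is unsealed or was modified.
function openWhitelist(key, record) {
  const ok = record && ['iv', 'ct', 'tag'].every((f) => typeof record[f] === 'string');
  if (!ok) throw new Error('whitelist record is not sealed');
  const tag = Buffer.from(record.tag, 'base64');
  if (tag.length !== 16) throw new Error('unexpected tag length'); // no truncated tags
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(record.iv, 'base64'));
  decipher.setAAD(AAD);
  decipher.setAuthTag(tag);
  const pt = Buffer.concat([decipher.update(Buffer.from(record.ct, 'base64')), decipher.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// Fail closed: a record that does not verify yields an empty whitelist.
function loadWhitelist(key, record) {
  try { return openWhitelist(key, record); } catch (e) { return []; }
}

// Constructed sample data.
const key = deriveKey('constructed-password', Buffer.from('constructed-salt'));
const stored = sealWhitelist(key, ['https://dapp.example']);
console.log(loadWhitelist(key, stored));                         // sealed record verifies
console.log(loadWhitelist(key, ['https://unapproved.example'])); // plaintext record is rejected
```

Authenticated encryption detects modification of the record, but not its replacement with an older record that was validly sealed under the same key.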
Refer to full audit report first - Issue J
https://allinbits.slack.com/archives/C02U9SVJT97/p1652107168347859