Clear Text Secrets in PassmanLite Could Allow Access to Passwords

2011.05.17
Credit: Simon Roses
Risk: Low
Local: Yes
Remote: No
CWE: CWE-310


Ogólna skala CVSS: 2.1/10
Znaczenie: 2.9/10
Łatwość wykorzystania: 3.9/10
Wymagany dostęp: Lokalny
Złożoność ataku: Niska
Autoryzacja: Nie wymagana
Wpływ na poufność: Częściowy
Wpływ na integralność: Brak
Wpływ na dostępność: Brak

Simon Roses Femerling Security Advisory www.simonroses.com Title: Clear Text Secrets in PassmanLite Could Allow Access to Passwords SRF ID: SRF-ADV-2011-01 CVE ID: CVE-2011-1840 Release Date: 06/05/2011 Affected Products: Passman Lite Password Manager 1.47 and ealier Vendor: MARTINI CREATIONS Technical Description --------------------- PassmanLite Password Manager, an Android App to store and protect passwords on mobile devices, stores the master password and database accounts in clear text. Impact ------ Successful exploitation of this vulnerability allows access to all information protected by the application. However for this attack to success, attacker would require access to system shell or being able to read files through another attack vector. Solution -------- Upgrade to Passman Lite 1.48 via Android Market. Feedback -------- If you have additional information or corrections for this security advisory please contact us at www.simonroses.com

Referencje:

http://www.simonroses.com/wp-content/uploads/2011/05/SRF-SA-2011-01.txt
http://www.securityfocus.com/bid/47765


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top