RSS   Vulnerabilities for 'Contacts backup & restore'   RSS

2017-10-29
 
CVE-2017-15999

CWE-319
 

 
In the "NQ Contacts Backup & Restore" application 1.1 for Android, no HTTPS is used for transmitting login and synced user data. When logging in, the username is transmitted in cleartext along with an SHA-1 hash of the password. The attacker can either crack this hash or use it for further attacks where only the hash value is required.

 
 
CVE-2017-15998

CWE-327
 

 
In the "NQ Contacts Backup & Restore" application 1.1 for Android, DES encryption with a static key is used to secure transmitted contact data. This makes it easier for remote attackers to obtain cleartext information by sniffing the network.

 
 
CVE-2017-15997

CWE-327
 

 
In the "NQ Contacts Backup & Restore" application 1.1 for Android, RC4 encryption is used to secure the user password locally stored in shared preferences. Because there is a static RC4 key, an attacker can gain access to user credentials more easily by leveraging access to the preferences XML file.

 

 >>> Vendor: NQ 6 Products
Vault-hide sms, pics & videos
Nq mobile security & antivirus
Easy finder & anti-theft
Antivirus free
Vault-hide sms pics & videos
Contacts backup & restore


Copyright 2019, cxsecurity.com

 

Back to Top