Simon Roses Femerling Security Advisory
www.simonroses.com
Title: Clear Text Secrets in PassmanLite Could Allow Access to Passwords
SRF ID: SRF-ADV-2011-01
CVE ID: CVE-2011-1840
Release Date: 06/05/2011
Affected Products: Passman Lite Password Manager 1.47 and ealier
Vendor: MARTINI CREATIONS
Technical Description
---------------------
PassmanLite Password Manager, an Android App to store and protect passwords on mobile devices, stores the master password
and database accounts in clear text.
Impact
------
Successful exploitation of this vulnerability allows access to all information protected by the application.
However for this attack to success, attacker would require access to system shell or being able to read files through
another attack vector.
Solution
--------
Upgrade to Passman Lite 1.48 via Android Market.
Feedback
--------
If you have additional information or corrections for this security advisory please contact us at www.simonroses.com