CVE-2007-5778

Mobile Spy (1) stores login credentials in cleartext under the RetinaxStudios registry key, and (2) sends login credentials and log data over a cleartext HTTP connection, which allows attackers to obtain sensitive information by reading the registry or sniffing the network.
Configurations

Configuration 1 (hide)

cpe:2.3:a:flexispy:mobile_spy:-:*:*:*:*:*:*:*

History

14 Feb 2024, 15:20

Type Values Removed Values Added
CVSS v2 : 6.4
v3 : unknown
v2 : 6.4
v3 : 7.5
References (BUGTRAQ) http://www.securityfocus.com/archive/1/482663/100/0/threaded - (BUGTRAQ) http://www.securityfocus.com/archive/1/482663/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References (OSVDB) http://osvdb.org/43626 - (OSVDB) http://osvdb.org/43626 - Broken Link
References (BID) http://www.securityfocus.com/bid/26177 - (BID) http://www.securityfocus.com/bid/26177 - Broken Link, Third Party Advisory, VDB Entry
References (SREASON) http://securityreason.com/securityalert/3333 - (SREASON) http://securityreason.com/securityalert/3333 - Broken Link
References (OSVDB) http://osvdb.org/43625 - (OSVDB) http://osvdb.org/43625 - Broken Link
References (MISC) http://www.airscanner.com/security/07101401_mobilespy.htm - (MISC) http://www.airscanner.com/security/07101401_mobilespy.htm - Broken Link
References (MISC) http://www.informit.com/articles/article.aspx?p=1077909 - (MISC) http://www.informit.com/articles/article.aspx?p=1077909 - Third Party Advisory
CWE CWE-310
CWE-200
CWE-312
CPE cpe:2.3:a:mobile-spy:mobile-spy:*:*:*:*:*:*:*:* cpe:2.3:a:flexispy:mobile_spy:-:*:*:*:*:*:*:*
First Time Flexispy
Flexispy mobile Spy

Information

Published : 2007-11-01 16:46

Updated : 2024-02-28 11:01


NVD link : CVE-2007-5778

Mitre link : CVE-2007-5778

CVE.ORG link : CVE-2007-5778


JSON object : View

Products Affected

flexispy

  • mobile_spy
CWE
CWE-312

Cleartext Storage of Sensitive Information