Mobile Spy (1) stores login credentials in cleartext under the RetinaxStudios registry key, and (2) sends login credentials and log data over a cleartext HTTP connection, which allows attackers to obtain sensitive information by reading the registry or sniffing the network.
References
Link | Resource |
---|---|
http://osvdb.org/43625 | Broken Link |
http://osvdb.org/43626 | Broken Link |
http://securityreason.com/securityalert/3333 | Broken Link |
http://www.airscanner.com/security/07101401_mobilespy.htm | Broken Link |
http://www.informit.com/articles/article.aspx?p=1077909 | Third Party Advisory |
http://www.securityfocus.com/archive/1/482663/100/0/threaded | Broken Link Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/26177 | Broken Link Third Party Advisory VDB Entry |
Configurations
History
14 Feb 2024, 15:20
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.4
v3 : 7.5 |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/482663/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry | |
References | (OSVDB) http://osvdb.org/43626 - Broken Link | |
References | (BID) http://www.securityfocus.com/bid/26177 - Broken Link, Third Party Advisory, VDB Entry | |
References | (SREASON) http://securityreason.com/securityalert/3333 - Broken Link | |
References | (OSVDB) http://osvdb.org/43625 - Broken Link | |
References | (MISC) http://www.airscanner.com/security/07101401_mobilespy.htm - Broken Link | |
References | (MISC) http://www.informit.com/articles/article.aspx?p=1077909 - Third Party Advisory | |
CWE | CWE-200 |
CWE-312 |
CPE | cpe:2.3:a:flexispy:mobile_spy:-:*:*:*:*:*:*:* | |
First Time |
Flexispy
Flexispy mobile Spy |
Information
Published : 2007-11-01 16:46
Updated : 2024-02-28 11:01
NVD link : CVE-2007-5778
Mitre link : CVE-2007-5778
CVE.ORG link : CVE-2007-5778
JSON object : View
Products Affected
flexispy
- mobile_spy
CWE
CWE-312
Cleartext Storage of Sensitive Information