CVE-2012-3884

AirDroid 1.0.4 beta implements authentication through direct transmission of a password hash over HTTP, which makes it easier for remote attackers to obtain access by sniffing the local wireless network and then replaying the authentication data.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2012-07/0087.html	Exploit
http://www.tele-consulting.com/advisories/TC-SA-2012-02.txt	Exploit
http://archives.neohapsis.com/archives/bugtraq/2012-07/0087.html	Exploit
http://www.tele-consulting.com/advisories/TC-SA-2012-02.txt	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:airdroid:airdroid:1.0.4:beta:*:*:*:*:*:*

History

21 Nov 2024, 01:41

Type	Values Removed	Values Added
References	~~() http://archives.neohapsis.com/archives/bugtraq/2012-07/0087.html - Exploit~~	() http://archives.neohapsis.com/archives/bugtraq/2012-07/0087.html - Exploit
References	~~() http://www.tele-consulting.com/advisories/TC-SA-2012-02.txt - Exploit~~	() http://www.tele-consulting.com/advisories/TC-SA-2012-02.txt - Exploit

Information

Published : 2012-07-26 22:55

Updated : 2024-11-21 01:41

NVD link : CVE-2012-3884

Mitre link : CVE-2012-3884

CVE.ORG link : CVE-2012-3884

JSON object : View

Products Affected

airdroid

airdroid

CWE

CWE-287

Improper Authentication

{"id": "CVE-2012-3884", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-07-26T22:55:01.700", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2012-07/0087.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.tele-consulting.com/advisories/TC-SA-2012-02.txt", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2012-07/0087.html", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.tele-consulting.com/advisories/TC-SA-2012-02.txt", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "AirDroid 1.0.4 beta implements authentication through direct transmission of a password hash over HTTP, which makes it easier for remote attackers to obtain access by sniffing the local wireless network and then replaying the authentication data."}, {"lang": "es", "value": "AirDroid v1.0.4 beta implementa la autenticaci\u00f3n mediante la transmisi\u00f3n directa de un hash de la contrase\u00f1a a trav\u00e9s de HTTP, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos obtener acceso espiando el tr\u00e1fico de la red inal\u00e1mbrica local y luego usando los datos de autenticaci\u00f3n.\r\n"}], "lastModified": "2024-11-21T01:41:47.290", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:airdroid:airdroid:1.0.4:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18DA093A-2C50-4D62-A65B-CDB061CCA01D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}