AirDroid 1.0.4 beta uses the MD5 algorithm for values in the checklogin key parameter and 7bb cookie, which makes it easier for remote attackers to obtain cleartext data by sniffing the local wireless network and then conducting a (1) brute-force attack or (2) rainbow-table attack.
References
Configurations
History
21 Nov 2024, 01:41
Type | Values Removed | Values Added |
---|---|---|
References | () http://archives.neohapsis.com/archives/bugtraq/2012-07/0087.html - Exploit | |
References | () http://www.tele-consulting.com/advisories/TC-SA-2012-02.txt - Exploit |
Information
Published : 2012-07-26 22:55
Updated : 2024-11-21 01:41
NVD link : CVE-2012-3886
Mitre link : CVE-2012-3886
CVE.ORG link : CVE-2012-3886
JSON object : View
Products Affected
airdroid
- airdroid
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor