AirDroid before 1.0.7 beta uses a cleartext base64 format for data transfer that is documented as an "Encrypted Transmission" feature, which allows remote attackers to obtain sensitive information by sniffing the local wireless network, as demonstrated by the SMS message content sent to the sdctl/sms/send/single/ URI.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:41
Type | Values Removed | Values Added |
---|---|---|
References | () http://archives.neohapsis.com/archives/bugtraq/2012-07/0087.html - Exploit | |
References | () http://www.tele-consulting.com/advisories/TC-SA-2012-02.txt - Exploit |
Information
Published : 2012-07-26 22:55
Updated : 2024-11-21 01:41
NVD link : CVE-2012-3887
Mitre link : CVE-2012-3887
CVE.ORG link : CVE-2012-3887
JSON object : View
Products Affected
airdroid
- airdroid
CWE
CWE-310
Cryptographic Issues