CVE-2012-3887

AirDroid before 1.0.7 beta uses a cleartext base64 format for data transfer that is documented as an "Encrypted Transmission" feature, which allows remote attackers to obtain sensitive information by sniffing the local wireless network, as demonstrated by the SMS message content sent to the sdctl/sms/send/single/ URI.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:airdroid:airdroid:*:beta:*:*:*:*:*:*
cpe:2.3:a:airdroid:airdroid:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:airdroid:airdroid:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:airdroid:airdroid:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:airdroid:airdroid:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:airdroid:airdroid:1.0.4:beta:*:*:*:*:*:*
cpe:2.3:a:airdroid:airdroid:1.0.5:*:*:*:*:*:*:*

History

21 Nov 2024, 01:41

Type Values Removed Values Added
References () http://archives.neohapsis.com/archives/bugtraq/2012-07/0087.html - Exploit () http://archives.neohapsis.com/archives/bugtraq/2012-07/0087.html - Exploit
References () http://www.tele-consulting.com/advisories/TC-SA-2012-02.txt - Exploit () http://www.tele-consulting.com/advisories/TC-SA-2012-02.txt - Exploit

Information

Published : 2012-07-26 22:55

Updated : 2024-11-21 01:41


NVD link : CVE-2012-3887

Mitre link : CVE-2012-3887

CVE.ORG link : CVE-2012-3887


JSON object : View

Products Affected

airdroid

  • airdroid
CWE
CWE-310

Cryptographic Issues