CVE-2017-11136

{"id": "CVE-2017-11136", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2017-08-01T14:29:00.610", "references": [{"url": "http://seclists.org/fulldisclosure/2017/Jul/90", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2017/Jul/90", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. It uses RSA to exchange a secret for symmetric encryption of messages. However, the private RSA key is not only stored on the client but transmitted to the backend, too. Moreover, the key to decrypt the private key is composed of the first 32 bytes of the SHA-512 hash of the user password. But this hash is stored on the backend, too. Therefore, everyone with access to the backend database can read the transmitted secret for symmetric encryption, hence can read the communication."}, {"lang": "es", "value": "Se ha descubierto un error en la versi\u00f3n 1.7.5 de heinekingmedia StashCat para Android, en la versi\u00f3n 0.0.80w para web, y 0.0.86 para ordenador. Se utiliza RSA para intercambiar un secreto para el cifrado sim\u00e9trico de los mensajes. Sin embargo, la clave privada RSA no solo se almacena en el lado del cliente, sino que tambi\u00e9n se transmite al backend. Adem\u00e1s, la clave necesaria para descifrar la clave privada est\u00e1 compuesta de los primeros 32 bytes del hash SHA-512 de la contrase\u00f1a del usuario, pero este hash tambi\u00e9n est\u00e1 almacenado en el backend. Por ello, cualquier usuario que tenga acceso a la base de datos del backend puede leer el secreto que se transmite para el cifrado sim\u00e9trico y, por lo tanto, puede leer la comunicaci\u00f3n."}], "lastModified": "2024-11-21T03:07:10.917", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:stashcat:heinekingmedia:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "97F04CBB-21CF-4DC2-9E98-70DF7B355308", "versionEndIncluding": "1.7.5"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:stashcat:heinekingmedia:*:*:*:*:web:*:*:*", "vulnerable": true, "matchCriteriaId": "7E553895-3705-4809-99B5-D5E950740406", "versionEndIncluding": "0.0.80w"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:stashcat:heinekingmedia:*:*:*:*:desktop:*:*:*", "vulnerable": true, "matchCriteriaId": "1B54E116-A0F8-4EF9-BC5B-A998B6A5572B", "versionEndIncluding": "0.0.86w"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}