Описание
In the "NQ Contacts Backup & Restore" application 1.1 for Android, no HTTPS is used for transmitting login and synced user data. When logging in, the username is transmitted in cleartext along with an SHA-1 hash of the password. The attacker can either crack this hash or use it for further attacks where only the hash value is required.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:nq:contacts_backup_\&_restore:1.1:*:*:*:*:android:*:*
EPSS
Процентиль: 36%
0.00153
Низкий
9.8 Critical
CVSS3
5 Medium
CVSS2
Дефекты
CWE-319
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
In the "NQ Contacts Backup & Restore" application 1.1 for Android, no HTTPS is used for transmitting login and synced user data. When logging in, the username is transmitted in cleartext along with an SHA-1 hash of the password. The attacker can either crack this hash or use it for further attacks where only the hash value is required.
EPSS
Процентиль: 36%
0.00153
Низкий
9.8 Critical
CVSS3
5 Medium
CVSS2
Дефекты
CWE-319