Lucene search

[email protected]CVE-2012-3886

HistoryJul 26, 2012 - 10:55 p.m.

CVE-2012-3886

2012-07-2622:55:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2012-3886

airdroid

vulnerability

md5 algorithm

remote attackers

cleartext data

network sniffing

brute-force attack

rainbow-table attack

nvd

6.6 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

73.9%

JSON

AirDroid 1.0.4 beta uses the MD5 algorithm for values in the checklogin key parameter and 7bb cookie, which makes it easier for remote attackers to obtain cleartext data by sniffing the local wireless network and then conducting a (1) brute-force attack or (2) rainbow-table attack.

CPENameOperatorVersion
airdroid:airdroidairdroideq1.0.4

CPE	Name	Operator	Version
airdroid:airdroid	airdroid	eq	1.0.4

References

archives.neohapsis.com/archives/bugtraq/2012-07/0087.html

www.tele-consulting.com/advisories/TC-SA-2012-02.txt

6.6 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

73.9%

JSON

Related for CVE-2012-3886

prion1 securityvulns2