Lenovo Connect2 Ad-hoc Wifi Network Key Stored in User-readable Location - us

Lenovo Security Advisory: LEN-14398

Potential Impact: Disclosure of ad-hoc wifi network key stored in user-readable location

Severity: Medium

**Scope of Impact:**Lenovo Specific

**CVE Identifier:**CVE-2017-3742

Summary Description:

An internal assessment has identified a vulnerability in Lenovo Connect2 when an ad-hoc connection is made between two systems for the purpose of sharing files. The password for this ad-hoc connection will be stored in a user-readable location. An attacker with read access to the user’s contents could connect to the Connect2 hotspot and see the contents of files while they are being transferred between the two systems.

Lenovo Connect2 is a program used to transfer files between PCs and Android mobile devices.

Mitigation Strategy for Customers (what you should do to protect yourself):

Update to the latest version of Connect2, 4.2.5.4885 or later for Windows and 4.2.5.3071 or later for Android.

For a complete list of all Lenovo Product Security Advisories, click here.

Revision History:

Revision

|

Date

|

Description

—|—|—

1

|

7/13/2017

|

Initial Release

For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on as “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.