Vulners
Lucene search
Android HTC Mail Insecure Password Management
`-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Android HTC Mail insecure password management
Classification:
===============
Level: low-[MED]-high-crit
ID: HEXVIEW*2012*08*05*01
URL: http://www.hexview.com/docs/20120805-1.txt
Overview:
=========
HTC is $9.5B(USD) Taiwanese manufacturer of smartphones and tablets, primarily
Android-based. HTC's devices account for 5% of the smartphone market and for
about 15% of all Android devices sold in the US. Most HTC devices come with an
application called HTC Mail. HexView discovered that HTC Mail insecurely stores
mailbox credentials.
Affected products:
==================
HTC Mail application, all versions (package: com.htc.android.mail)
Vulnerability Summary:
======================
Android OS comes with a feature called AccountManager that lets applications
manage user credentials in a more or less secure fashion. HTC Mail instead stores
usernames and passwords directly in its database obfuscated with a weak, trivial
to reverse algorithm.
Technical Details:
==================
HTC Mail application stores user credentials in the 'accounts' table in its 'mail.db'
SQLite database. The table contains usernames, email addresses, hostnames, mailbox
and SMTP passwords for each mail account configured in the Mail application. All data
is stored in a plain text except for passwords that are "encrypted" as follows:
1. Password characters at odd and even positions are swapped.
2. The byteswapped string is base-64 encoded twice.
3. The resulting base64-encoded password is stored in the database.
Demonstration:
==================
HexView produced a script for the GameSpector application (available in Google Play)
that decodes and displays HTC mail passwords. GameSpector requires root access.
Distribution:
=============
This document may be freely distributed through any channels as long as
its content is kept intact. Commercial use of the information in the
document is not allowed without written permission from HexView.
Please direct all questions to [email protected]
About HexView:
==============
HexView is a technology consulting boutique offering a variety of information
security services, including security assessments of mobile applications.
For more information visit http://www.hexview.com
Feedback and comments:
======================
Feedback and questions about this disclosure are welcome at [email protected]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAlAezhcACgkQDPV1+KQrDqQW8gCfcT0koImRoJppbUwVkweaoxmG
xD4Anj4osjlOWR1JmnWbLAwcoeHN0UjJ
=g+yV
-----END PGP SIGNATURE-----
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
06 Aug 2012 00:00Current
7.4High risk
Vulners AI Score7.4