GoToMeeting Information Disclosure

Published: 26 Jan 2014 00:00:00 | Reported by: Claudio J. Lacayo | Type: packetstorm | Source: packetstormsecurity.com

GoToMeeting for Android discloses information through its logging output, leaking userID, meeting details, and authentication tokens.

Related

| Reporter | Title | Published |
|---|---|---|
| Circl | CVE-2014-1664 | 23 Jan 2014 00:00 |
| CVE | CVE-2014-1664 | 26 Jan 2014 20:00 |
| Cvelist | CVE-2014-1664 | 26 Jan 2014 20:00 |
| EUVD | EUVD-2014-1738 | 7 Oct 2025 00:30 |
| NVD | CVE-2014-1664 | 26 Jan 2014 20:55 |
| Prion | Authentication flaw | 26 Jan 2014 20:55 |
| securityvulns | [CVE-2014-1664] GoToMeeting Information Disclosure via Logging Output (Android) | 3 Feb 2014 00:00 |
| securityvulns | Citrix GoToMeeting information leakage | 3 Feb 2014 00:00 |
| seebug.org | GoToMeeting for Android Multiple Local Information Disclosure Vulnerabilities | 10 Feb 2014 00:00 |

`1. ADVISORY INFORMATION  
========================  
Title: GoToMeeting Information Disclosure via Logging Output (Android)  
CVE: CVE-2014-1664  
CVE Information: ASSIGNED  
Date published: PUBLIC  
Date of last update: 01/23/2014  
Vendor Contacted: Citrix  
Release mode: Coordinated Release  
  
2. VULNERABILITY INFORMATION  
=============================  
Class: Information Disclosure  
Impact: CVSS Details specified below  
Remotely Exploitable: No  
Locally Exploitable: Yes  
CVE Name: [CVE-2014-1664] GoToMeeting Information Disclosure via Logging Output (Android)  
  
3. VULNERABILITY DESCRIPTION  
============================  
The latest release of the software is vulnerable to information disclosure via logging output, resulting in the leak of userID, meeting details, and authentication tokens. Android applications with permissions to read system log files may obtain the leaked information.  
  
4. VULNERABLE PACKAGES  
======================  
- com.citrixonline.android.gotomeeting-1.apk version 5.0.799.1238 (Android)  
  
5. NON-VULNERABLE PACKAGES  
==========================  
- other platforms untested  
  
6. CREDITS  
===========  
This vulnerability was discovered and researched by Claudio J. Lacayo.  
  
7. TECHNICAL DESCRIPTION / PROOF OF CONCEPT CODE  
=================================================  
<! ----- SNIPPET ------- !>  
  
D/G2M (32190): HttpRequest to: https://www2.gotomeeting.com/meeting/getInfo/[MEETING_ID_REDACTED]?Portal=www.gotomeeting.com&android=true&MeetingID=[MEETING_ID_REDACTED]  
E/qcom_sensors_hal( 787): hal_process_report_ind: Bad item quality: 11   
D/dalvikvm(32190): GC_CONCURRENT freed 1322K, 43% free 20491K/35456K, paused 6ms+1ms, total 33ms  
D/G2M (32190): HttpRequest response from: GET https://www2.gotomeeting.com/meeting/getInfo/[MEETING_ID_REDACTED]?Portal=www.gotomeeting.com&android=true&MeetingID=[MEETING_ID_REDACTED] -> 200  
D/G2M (32190): HttpRequest response body: GET https://www2.gotomeeting.com/meeting/getInfo/[MEETING_ID_REDACTED]?Portal=www.gotomeeting.com&android=true&MeetingID=[MEETING_ID_REDACTED] -> {"Status":"Redirect","RedirectHost":"www1.gotomeeting.com","MeetingId":"[MEETING_ID_REDACTED]"}  
D/G2M (32190): Got 302 from legacy JSON API: www1.gotomeeting.com  
D/G2M (32190): HttpRequest to: https://www1.gotomeeting.com/meeting/getInfo/[MEETING_ID_REDACTED]?android=true&MeetingID=[MEETING_ID_REDACTED]  
D/G2M (32190): HttpRequest response from: GET https://www1.gotomeeting.com/meeting/getInfo/[MEETING_ID_REDACTED]?android=true&MeetingID=[MEETING_ID_REDACTED] -> 200  
D/G2M (32190): HttpRequest response body: GET https://www1.gotomeeting.com/meeting/getInfo/[MEETING_ID_REDACTED]?android=true&MeetingID=[MEETING_ID_REDACTED] -> {"Status":"MeetingNotStarted","MeetingId":"[MEETING_ID_REDACTED]","IsRecurring":false,"Endpoints":["Native"],"OrganizerName":"[REDACTED]","Subject":"[REDACTED]","MaxAttendees":100,"IsWebinar":false,"AudioParameters":{"CommParams":{"disableUdp":false},"ConferenceParams":{"supportedModes":"VoIP,PSTN,Private","initialMode":"Hybrid","SpeakerInfo":{"PhoneInfo":[{"description":"Default","number":"[REDACTED],"authToken":"AAFe4rYexu4Dm7qrL45/Egx+AAAAAFLdeSkAAAAAUt7KqUbWYmXH3OcczkhGaWRf0wM2OKWa","accessCode":"REDACTED"},"userId":"userId","authToken":"EAEBAQEBAQEBAQEBAQEBAQE=","privateMessage":"","audioKey":-1,"BridgeMutingControl":true,"VCBParams":{"Codec":[{"payloadType":103,"frameLength":30,"name":"ISAC","bitrate":32000,"channels":1,"samplingRate":16000},{"payloadType":0,"frameLength":20,"name":"PCMU","bitrate":64000,"channels":1,"samplingRate":8000}],"VCB":{"port":5060,"ipAddr":"10.23.70.151"},"Options":{"asUpdates":true,"rtUpdates":true,"dtx":false}}}},"EndTime":1390239900000,"StartTime":1390237200000,"IsImpromptu":false}  
D/G2M (32190): Got response from legacy JSON API: 200  
D/G2M (32190): JoinService: Attempting to join Meeting  
D/G2M (32190): MeetingService: Starting Meeting join on legacy...  
D/G2M (32190): HttpRequest to: https://www.gotomeeting.com/meeting/getInfo/[MEETING_ID_REDACTED]?android=true&MeetingID=[MEETING_ID_REDACTED]&PhoneInfo=,MachineID=WFNUUVtWBVRUVwRQAwUCAA==,G2MAppVersion=5.0.799.1238,BuildType=releaseBuild,Brand=google,Manufacturer=LGE,Model=Nexus5,AndroidVersionRelease=4.4.2,AndroidVersionIncremental=937116,ID=KOT49H,Product=hammerhead,Device=hammerhead,CpuABI=armeabi-v7a  
D/G2M (32190): ServiceResolver: COLService: BaseURL [https://www1.gotomeeting.com], isLegacy [true}, isWebinar [false]  
D/G2M (32190): HttpRequest response from: GET https://www1.gotomeeting.com/meeting/getInfo/[MEETING_ID_REDACTED]?Portal=www.gotomeeting.com&android=true&MeetingID=[MEETING_ID_REDACTED]&PhoneInfo=,MachineID=WFNUUVtWBVRUVwRQAwUCAA==,G2MAppVersion=5.0.799.1238,BuildType=releaseBuild,Brand=google,Manufacturer=LGE,Model=Nexus5,AndroidVersionRelease=4.4.2,AndroidVersionIncremental=937116,ID=KOT49H,Product=hammerhead,Device=hammerhead,CpuABI=armeabi-v7a -> 302  
D/G2M (32190): HttpRequest response body: GET https://www1.gotomeeting.com/meeting/getInfo/[MEETING_ID_REDACTED]?Portal=www.gotomeeting.com&android=true&MeetingID=[MEETING_ID_REDACTED]&PhoneInfo=,MachineID=WFNUUVtWBVRUVwRQAwUCAA==,G2MAppVersion=5.0.799.1238,BuildType=releaseBuild,Brand=google,Manufacturer=LGE,Model=Nexus5,AndroidVersionRelease=4.4.2,AndroidVersionIncremental=937116,ID=KOT49H,Product=hammerhead,Device=hammerhead,CpuABI=armeabi-v7a -> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">  
  
<! ----- SNIPPET ------- !>  
  
8. CVSS 2.0 BASE METRICS  
========================  
Reference Base Vector Base Score  
CVSS Base Score: 5.4  
Impact Subscore: 7.8  
Exploitability Subscore: 3.4  
CVSS Temporal Score: 5.1  
CVSS Environmental Score: 6.6  
Modified Impact Subscore: 10  
Overall CVSS Score: 6.6  
  
9. REPORT TIMELINE  
==================  
[1] 01/20/2014 - Vulnerability discovered, internal contact notified  
[2] 01/21/2014 - Citrix security team notified via email  
[3] 01/22/2014 - Citrix asked for testing environment details; provided.  
[4] 01/23/2014 - CVE provided by CNA; public disclosure.  
  
10. REFERENCES  
=============  
https://www.securecoding.cert.org/confluence/display/java/DRD04-J.+Do+not+log+sensitive+information  
https://play.google.com/store/apps/details?id=com.nolanlawson.logcat&hl=en  
https://drive.google.com/file/d/0B3eEtV83VTFUWEgxSTRac3JvZlk/edit?usp=sharing  
http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2  
`
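
The leak pattern in section 7 can be checked for during log review. The following is an added example, not part of the advisory and not Citrix code: it parses logcat "brief" lines, flags the field kinds the snippet exposes (auth tokens, user IDs, meeting IDs, MachineID) and returns a redacted copy. The sample lines, the host `meet.example.invalid` and all values in them are constructed.

```python
import re

# logcat "brief" format as seen in the advisory: D/G2M (32190): message
LOGCAT = re.compile(r'^([VDIWEF])/([^(]+?)\s*\(\s*(\d+)\):\s?(.*)$')

# Each pattern is (prefix)(secret)(suffix) so redaction keeps the field name.
PATTERNS = {
    "auth_token": re.compile(r'("authToken"\s*:\s*")([^"]+)(")'),
    "user_id": re.compile(r'("userId"\s*:\s*")([^"]+)(")'),
    "meeting_id": re.compile(r'(MeetingID=|"MeetingId"\s*:\s*"|/getInfo/)(\d+)()'),
    "machine_id": re.compile(r'(MachineID=)([A-Za-z0-9+/=]+)()'),
}

# Constructed sample input (not taken from a real device).
SAMPLE = [
    'D/G2M ( 4321): HttpRequest to: https://meet.example.invalid/meeting/getInfo/111222333?android=true&MeetingID=111222333',
    'E/qcom_sensors_hal(  787): hal_process_report_ind: Bad item quality: 11',
    'D/G2M ( 4321): HttpRequest response body: -> {"MeetingId":"111222333","authToken":"Q09OU1RSVUNURUQ=","userId":"user-42"}',
    'D/G2M ( 4321): JoinService: Attempting to join Meeting',
]

def scan(lines):
    """Return (line_no, tag, kind) for each sensitive field kind found per line."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = LOGCAT.match(line)
        if not m:
            continue  # not a logcat brief-format line
        _prio, tag, _pid, msg = m.groups()
        for kind, pat in PATTERNS.items():
            if pat.search(msg):
                findings.append((no, tag, kind))
    return findings

def redact(line):
    """Replace every matched secret with a [KIND] marker, keeping the field name."""
    for kind, pat in PATTERNS.items():
        line = pat.sub(
            lambda m, k=kind: f"{m.group(1)}[{k.upper()}]{m.group(3)}", line)
    return line

if __name__ == "__main__":
    for no, tag, kind in scan(SAMPLE):
        print(f"line {no}: tag {tag} logs {kind}")
    for line in SAMPLE:
        print(redact(line))
```

The same patterns can back a release gate: run the app's debug-build log capture through `scan` and fail the build on any finding, in line with the DRD04-J reference in section 10.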


Published: 26 Jan 2014 00:00 (current)
Vulners AI Score: 6.7 (Medium risk)
EPSS: 0.07883