EUVD-2017-7415

Malware in sbrugna...

EUVD-2017-7413

Malware in sbrugna...

CVE-2017-15998

In the "NQ Contacts Backup & Restore" application 1.1 for Android, DES encryption with a static key is used to secure transmitted contact data. This makes it easier for remote attackers to obtain cleartext information by sniffing the network...

CVE-2017-15999

In the "NQ Contacts Backup & Restore" application 1.1 for Android, no HTTPS is used for transmitting login and synced user data. When logging in, the username is transmitted in cleartext along with an SHA-1 hash of the password. The attacker can either crack this hash or use it for further attack...

CVE-2017-15997

In the "NQ Contacts Backup & Restore" application 1.1 for Android, RC4 encryption is used to secure the user password locally stored in shared preferences. Because there is a static RC4 key, an attacker can gain access to user credentials more easily by leveraging access to the preferences XML fi...

NQ Contacts Backup&Restore Access Gain Vulnerability

NQ Contacts Backup&Restore application for Android is a set of data backup and recovery software based on Android platform. A security vulnerability exists in version 1.1 of the NQ Contacts Backup&Restore application for Android, which originates from the program's use of an RC4 static key. The...

NQ Contacts Backup&Restore Information Disclosure Vulnerability (CNVD-2017-35644)

NQ Contacts Backup&Restore application for Android is a set of data backup and recovery software based on Android platform. A security vulnerability exists in version 1.1 of the NQ Contacts Backup&Restore application for Android, which originates when the program passes a plaintext username along...

CVE-2017-15999

In the "NQ Contacts Backup & Restore" application 1.1 for Android, no HTTPS is used for transmitting login and synced user data. When logging in, the username is transmitted in cleartext along with an SHA-1 hash of the password. The attacker can either crack this hash or use it for further attack...

CVE-2017-15997

In the "NQ Contacts Backup & Restore" application 1.1 for Android, RC4 encryption is used to secure the user password locally stored in shared preferences. Because there is a static RC4 key, an attacker can gain access to user credentials more easily by leveraging access to the preferences XML fi...

CVE-2017-15998

The CVE concerns the Android app NQ Contacts Backup & Restore version 1.1, which uses DES encryption with a static key to protect transmitted contact data. This practice can allow remote attackers to obtain plaintext data by sniffing network traffic, representing a confidentiality impact describe...

CVE-2017-15997

In the "NQ Contacts Backup & Restore" application 1.1 for Android, RC4 encryption is used to secure the user password locally stored in shared preferences. Because there is a static RC4 key, an attacker can gain access to user credentials more easily by leveraging access to the preferences XML fi...

CVE-2017-15999

CVE-2017-15999 affects the Android app NQ Contacts Backup & Restore (version 1.1). The root issue is transmission of credentials without HTTPS: during login, the username is sent in cleartext together with an SHA-1 hash of the password. This enables an attacker to crack the password hash or reuse...