32 matches found
Information disclosure
Johnson & Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote attackers to obtain sensitive information by sniffing the network...
CVE-2016-5084
Johnson & Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote attackers to obtain sensitive information by sniffing the network...
CVE-2016-5085
Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote attackers to spoof meters by sniffing the network and then engaging in an authentication handshake...
CVE-2016-5086
Johnson & Johnson Animas OneTouch Ping devices allow remote attackers to bypass authentication via replay attacks...
CVE-2016-5686
Johnson & Johnson Animas OneTouch Ping devices mishandle acknowledgements, which makes it easier for remote attackers to bypass authentication via a custom communication protocol...
CVE-2016-5086
The connected documents confirm CVE-2016-5086 affects the Animas OneTouch Ping insulin pump system, where a lack of protections in the custom radio-frequency protocol enables authentication bypass via capture‑replay. In practice, an unauthenticated remote attacker could replay captured commands t...
CVE-2016-5084
CVE-2016-5084 affects the Animas OneTouch Ping insulin pump system. Public details from ICS-CERT/URS indicate radio-frequency communications between the meter remote and pump transmit data in cleartext (CWE-319) and expose patient treatment/device data to unauthenticated remote listeners; related...
CVE-2016-5686
The CVE-2016-5686 issue affects the Johnson & Johnson Animas OneTouch Ping insulin pump. It stems from a custom communication protocol that mishandles acknowledgements, allowing an unauthenticated remote attacker to spoof acknowledgement packets and bypass authentication. This could enable comman...
CVE-2016-5085
CVE-2016-5085 affects the Animas OneTouch Ping insulin pump system. The vulnerability stems from use of a static or non-changing CRC32-derived value as an encryption key during the pairing/authentication handshake, enabling an unauthenticated remote attacker to sniff RF communications between the...
Animas OneTouch Ping insulin pump contains multiple vulnerabilities
Overview The Animas OneTouch Ping insulin pump contains multiple vulnerabilities that may allow an unauthenticated remote attacker to obtain patient treatment or device data, or execute commands on the device. The attacker cannot obtain personally identifiable information. Description CWE-319:...
OneTouch Reveal - BSD license, GPL license, MIT license vulnerabilities
HackApp vulnerability scanner discovered that application OneTouch Reveal published at the 'play' market has multiple vulnerabilities...
Onetouch Move - Base64 encoded String, Customized SSL, Exported ContentProvider vulnerabilities
HackApp vulnerability scanner discovered that application Onetouch Move published at the 'play' market has multiple vulnerabilities...