Nessus On Android 1.0.1 Credential Disclosure

2012-07-24T00:00:00
ID 1337DAY-ID-19052
Type zdt
Reporter 0day Today Team
Modified 2012-07-24T00:00:00

Description

Exploit for hardware platform in category web applications

                                        
                                            1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1            #############################################             1
0            Nessus On Android 1.0.1 Credential Disclosure             1
1            #############################################             0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1


Nessus app for android
version 1.0.1

The app allows user to save nessus server info 
IP/username/password.

The app saves this info to
/sdcard/servers.id

This file can be viewed with notepad and password is right there in plain text.  this means any app on the system can see that info and possibly transmit it to an attacker.



#  0day.today [2018-04-12]  #