PT-2012-1971 · Kaixin001 · Kaixin001
Daoyuan Wu
+2
·
Publicado
2012-01-25
·
Atualizado
2012-01-25
·
CVE-2011-4866
CVSS v2.0
6.4
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Kaixin001 (com.kaixin001.activity) versions 1.3.1 and 1.3.3
Description
The application does not properly protect data, allowing remote attackers to read or modify contact information and a cleartext password via a crafted application.
Recommendations
For version 1.3.1, update to a version that properly protects user data.
For version 1.3.3, update to a version that properly protects user data.
As a temporary workaround, consider restricting access to sensitive information until a patch is available.
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Kaixin001