CVE-2017-15997

Name of the Vulnerable Software and Affected Versions NQ Contacts Backup & Restore version 1.1

Description The issue concerns the use of a static RC4 key for encryption in the application, which can allow an attacker to more easily gain access to user credentials by accessing the preferences XML file. This affects the security of user passwords stored locally.

Recommendations For version 1.1, consider disabling the use of RC4 encryption until a more secure encryption method can be implemented, or restrict access to the preferences XML file to minimize the risk of exploitation.