PT-2012-1971 · Kaixin001 · Kaixin001

Daoyuan Wu +2 · Published 2012-01-25 · Updated 2012-01-25 · CVE-2011-4866

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Kaixin001 (com.kaixin001.activity) versions 1.3.1 and 1.3.3

Description

The application does not properly protect data, allowing remote attackers to read or modify contact information and a cleartext password via a crafted application.

Recommendations

For versions 1.3.1 and 1.3.3, update to a version that properly protects user data. As a temporary workaround, consider restricting access to sensitive information until a patch is available.

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2011-4866

Affected Products

Kaixin001