CVE-2017-11136

Name of the Vulnerable Software and Affected Versions heinekingmedia StashCat versions 1.7.5 and earlier for Android heinekingmedia StashCat versions 0.0.80w and earlier for Web heinekingmedia StashCat versions 0.0.86 and earlier for Desktop

Description The issue concerns the use of RSA for exchanging a secret for symmetric encryption of messages. However, the private RSA key is stored on the client and also transmitted to the backend. The key to decrypt the private key is composed of the first 32 bytes of the SHA-512 hash of the user password. This hash is also stored on the backend, allowing anyone with access to the backend database to read the transmitted secret for symmetric encryption and thus access the communication.

Recommendations For heinekingmedia StashCat version 1.7.5 and earlier for Android, consider disabling the RSA key exchange until a patch is available. For heinekingmedia StashCat version 0.0.80w and earlier for Web, restrict access to the backend database to minimize the risk of exploitation. For heinekingmedia StashCat version 0.0.86 and earlier for Desktop, avoid using the user password for decrypting the private key until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.