PT-2017-14349 · Nq · Nq Contacts Backup & Restore

Published

2017-10-29

Updated

2019-10-03

CVE-2017-15997

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions NQ Contacts Backup & Restore version 1.1

Description The issue concerns the use of a static RC4 key for encryption in the application, which can allow an attacker to more easily gain access to user credentials by accessing the preferences XML file. This affects the security of user passwords stored locally.

Recommendations For version 1.1, consider disabling the use of RC4 encryption until a more secure encryption method can be implemented, or restrict access to the preferences XML file to minimize the risk of exploitation.

Fix

Use of a Broken Cryptographic Algorithm

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-327

Related Identifiers

CVE-2017-15997

Affected Products

Nq Contacts Backup & Restore

PT-2017-14349 · Nq · Nq Contacts Backup & Restore

CVE-2017-15997

Weakness Enumeration

Related Identifiers

Affected Products

References · 3