CVE-2017-15999

Name of the Vulnerable Software and Affected Versions NQ Contacts Backup & Restore version 1.1

Description The application transmits login and synced user data without using HTTPS. During login, the username is sent in cleartext along with an SHA-1 hash of the password. This allows an attacker to either crack the hash or use it for further attacks where only the hash value is required.

Recommendations For version 1.1, consider disabling the login functionality until a secure version of the application is available, and avoid using the application for sensitive data transmission. Restrict access to the application's data to minimize the risk of exploitation.