CVE-2018-20100

Name of the Vulnerable Software and Affected Versions August Connect devices (affected versions not specified)

Description An issue allows attackers to discover home Wi-Fi credentials due to insecure data transfer between the August app and August Connect during configuration. This data transfer uses an unencrypted access point for these credentials and passes them in an HTTP POST using the AugustWifiDevice class, with data encrypted with a fixed key found obfuscated in the app.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.