Clear Text Secrets in PassmanLite Could Allow Access to Passwords

2011.05.17
Credit: Simon Roses
Risk: Low
Local: Yes
Remote: No
CVE: CVE-2011-1840
CWE: CWE-310


CVSS Base Score: 2.1/10
Impact Subscore: 2.9/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Simon Roses Femerling Security Advisory www.simonroses.com Title: Clear Text Secrets in PassmanLite Could Allow Access to Passwords SRF ID: SRF-ADV-2011-01 CVE ID: CVE-2011-1840 Release Date: 06/05/2011 Affected Products: Passman Lite Password Manager 1.47 and ealier Vendor: MARTINI CREATIONS Technical Description --------------------- PassmanLite Password Manager, an Android App to store and protect passwords on mobile devices, stores the master password and database accounts in clear text. Impact ------ Successful exploitation of this vulnerability allows access to all information protected by the application. However for this attack to success, attacker would require access to system shell or being able to read files through another attack vector. Solution -------- Upgrade to Passman Lite 1.48 via Android Market. Feedback -------- If you have additional information or corrections for this security advisory please contact us at www.simonroses.com

References:

http://www.simonroses.com/wp-content/uploads/2011/05/SRF-SA-2011-01.txt
http://www.securityfocus.com/bid/47765


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top