Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5778

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2007-5778
Last Modified 15 Nov 2008 02:02:10
Published 01 Nov 2007 12:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-5778

Summary

Mobile Spy (1) stores login credentials in cleartext under the RetinaxStudios registry key, and (2) sends login credentials and log data over a cleartext HTTP connection, which allows attackers to obtain sensitive information by reading the registry or sniffing the network.

Vulnerable Systems

Application

  • Mobile-spy


References

BUGTRAQ - 20071023 Airscanner Mobile Security Advisory #07101401: Mobile-spy Victim/User Phone/SMS/URL Log Spoofing and Persistent XSS Injection

MISC - http://www.informit.com/articles/article.aspx?p=1077909

MISC - http://www.airscanner.com/security/07101401_mobilespy.htm

OSVDB - 43626

OSVDB - 43625

BID - 26177

SREASON - 3333


Last Updated: 27 May 2016 10:46:16