Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3886

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-3886
Last Modified 27 Jul 2012 09:48:13
Published 26 Jul 2012 06:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-3886

Summary

AirDroid 1.0.4 beta uses the MD5 algorithm for values in the checklogin key parameter and 7bb cookie, which makes it easier for remote attackers to obtain cleartext data by sniffing the local wireless network and then conducting a (1) brute-force attack or (2) rainbow-table attack.

Vulnerable Systems

Application

  • Airdroid 1.0.4


References

MISC - http://www.tele-consulting.com/advisories/TC-SA-2012-02.txt

BUGTRAQ - 20120712 security advisory: AirDroid 1.0.4 beta


Last Updated: 27 May 2016 10:55:00