cvelistv5 - cve-2011-4872

CVE-2011-4872 (GCVE-0-2011-4872)

Vulnerability from cvelistv5 – Published: 2012-02-05 11:00 – Updated: 2024-09-17 02:37

Summary

Severity ?

No CVSS data available.

CWE

Assigner

certcc

References

URL

GSD-2011-4872

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-4872

Aliases

CVE-2011-4872

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-4872",
    "description": "Multiple HTC Android devices including Desire HD FRG83D and GRI40, Glacier FRG83, Droid Incredible FRF91, Thunderbolt 4G FRG83D, Sensation Z710e GRI40, Sensation 4G GRI40, Desire S GRI40, EVO 3D GRI40, and EVO 4G GRI40 allow remote attackers to obtain 802.1X Wi-Fi credentials and SSID via a crafted application that uses the android.permission.ACCESS_WIFI_STATE permission to call the toString method on the WifiConfiguration class.",
    "id": "GSD-2011-4872"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-4872"
      ],
      "details": "Multiple HTC Android devices including Desire HD FRG83D and GRI40, Glacier FRG83, Droid Incredible FRF91, Thunderbolt 4G FRG83D, Sensation Z710e GRI40, Sensation 4G GRI40, Desire S GRI40, EVO 3D GRI40, and EVO 4G GRI40 allow remote attackers to obtain 802.1X Wi-Fi credentials and SSID via a crafted application that uses the android.permission.ACCESS_WIFI_STATE permission to call the toString method on the WifiConfiguration class.",
      "id": "GSD-2011-4872",
      "modified": "2023-12-13T01:19:05.254855Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2011-4872",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple HTC Android devices including Desire HD FRG83D and GRI40, Glacier FRG83, Droid Incredible FRF91, Thunderbolt 4G FRG83D, Sensation Z710e GRI40, Sensation 4G GRI40, Desire S GRI40, EVO 3D GRI40, and EVO 4G GRI40 allow remote attackers to obtain 802.1X Wi-Fi credentials and SSID via a crafted application that uses the android.permission.ACCESS_WIFI_STATE permission to call the toString method on the WifiConfiguration class."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "VU#763355",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/763355"
          },
          {
            "name": "20120201 802.1X password exploit on many HTC Android devices",
            "refsource": "BUGTRAQ",
            "url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0002.html"
          },
          {
            "name": "47837",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/47837"
          },
          {
            "name": "http://blog.mywarwithentropy.com/2012/02/8021x-password-exploit-on-many-htc.html",
            "refsource": "MISC",
            "url": "http://blog.mywarwithentropy.com/2012/02/8021x-password-exploit-on-many-htc.html"
          },
          {
            "name": "51790",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/51790"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:htc:glacier:frg83:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:htc:droid_incredible:frf91:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:htc:thunderbolt_4g:frg83d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:htc:sensation_4g:gri40:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:htc:desire_hd:frg83d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:htc:evo_3d:gri40:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:htc:sensation_z710e:gri40:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:htc:desire_hd:gri40:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:htc:desire_s:gri40:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:htc:evo_4g:gri40:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2011-4872"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple HTC Android devices including Desire HD FRG83D and GRI40, Glacier FRG83, Droid Incredible FRF91, Thunderbolt 4G FRG83D, Sensation Z710e GRI40, Sensation 4G GRI40, Desire S GRI40, EVO 3D GRI40, and EVO 4G GRI40 allow remote attackers to obtain 802.1X Wi-Fi credentials and SSID via a crafted application that uses the android.permission.ACCESS_WIFI_STATE permission to call the toString method on the WifiConfiguration class."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "51790",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/51790"
            },
            {
              "name": "47837",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/47837"
            },
            {
              "name": "http://blog.mywarwithentropy.com/2012/02/8021x-password-exploit-on-many-htc.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://blog.mywarwithentropy.com/2012/02/8021x-password-exploit-on-many-htc.html"
            },
            {
              "name": "20120201 802.1X password exploit on many HTC Android devices",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0002.html"
            },
            {
              "name": "VU#763355",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/763355"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2012-02-16T05:00Z",
      "publishedDate": "2012-02-05T11:55Z"
    }
  }
}

GHSA-2WX5-PG32-77VX

Vulnerability from github – Published: 2022-05-17 05:33 – Updated: 2022-05-17 05:33

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-4872"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-02-05T11:55:00Z",
    "severity": "LOW"
  },
  "details": "Multiple HTC Android devices including Desire HD FRG83D and GRI40, Glacier FRG83, Droid Incredible FRF91, Thunderbolt 4G FRG83D, Sensation Z710e GRI40, Sensation 4G GRI40, Desire S GRI40, EVO 3D GRI40, and EVO 4G GRI40 allow remote attackers to obtain 802.1X Wi-Fi credentials and SSID via a crafted application that uses the android.permission.ACCESS_WIFI_STATE permission to call the toString method on the WifiConfiguration class.",
  "id": "GHSA-2wx5-pg32-77vx",
  "modified": "2022-05-17T05:33:28Z",
  "published": "2022-05-17T05:33:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4872"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0002.html"
    },
    {
      "type": "WEB",
      "url": "http://blog.mywarwithentropy.com/2012/02/8021x-password-exploit-on-many-htc.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/47837"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/763355"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/51790"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-201202-0161

Vulnerability from variot - Updated: 2023-12-18 13:34

Multiple HTC Android devices including Desire HD FRG83D and GRI40, Glacier FRG83, Droid Incredible FRF91, Thunderbolt 4G FRG83D, Sensation Z710e GRI40, Sensation 4G GRI40, Desire S GRI40, EVO 3D GRI40, and EVO 4G GRI40 allow remote attackers to obtain 802.1X Wi-Fi credentials and SSID via a crafted application that uses the android.permission.ACCESS_WIFI_STATE permission to call the toString method on the WifiConfiguration class. A user's 802.1X WiFi credentials and SSID information may be exposed to any application with basic WiFi permissions on certain HTC builds of Android. HTC Made Android On the device, Wi-Fi There is a vulnerability in which authentication information is leaked. HTC Made Android The device has a problem managing authentication information, Wi-Fi There is a vulnerability in which authentication information is leaked.Configured for the product by a remote third party Wi-Fi Authentication information may be obtained. If the same application also has android.permission.INTERNET permission, the application can collect this information and send it to the server on the remote Internet. Multiple HTC devices are prone to an information-disclosure vulnerability. An attacker can exploit this issue by enticing an unsuspecting victim to install a malicious application with 'android.permission.ACCESS_WIFI_STATE' and 'android.permission.INTERNET' permissions on the device running Android. Remote attackers can exploit this issue to gain access to sensitive information. This may aid in further attacks. This exploit exposes enterprise-privileged credentials in a manner that allows targeted exploitation.

Affected Vendors:

HTC

Affected Versions:

We have verified the following devices as having this issue (there may be others including some non-HTC phones): Desire HD (both "ace" and "spade" board revisions) - Versions FRG83D, GRI40 Glacier - Version FRG83 Droid Incredible - Version FRF91 Thunderbolt 4G - Version FRG83D Sensation Z710e - Version GRI40 Sensation 4G - Version GRI40 Desire S - Version GRI40 EVO 3D - Version GRI40 EVO 4G - Version GRI40

Non-Affected Versions:

myTouch3g (Appears to run either unmodified, or only lightly modified Android build) Nexus One (Runs unmodified Android build)

Severity

Critical

Timeline:

2012-02-01: Public disclosure
2012-01-31: Submit final public disclosure doc to HTC Global for feedback
2012-01-31: HTC publishes information via their web site
2012-01-20: Public disclosure ? postponed
2012-01-19: Discussion with HTC Global on their time schedule
2012-01-05: Conference call with HTC Global
2012-01-02: Public disclosure ? postponed
2011-12-05: Discussed public disclosure time frames with HTC and Google
2011-10-11: Updated all individuals and groups that are aware of the issue
2011-10-11: Follow-up conference call with HTC Global and Google
2011-09-19: Updated all individuals and groups that were aware of the issue
2011-09-19: Conference call with HTC Global and Google
2011-09-08: HTC and Google verified exploit
2011-09-07: Notified key government agencies and CERT under non-public disclosure
2011-09-07: Initial email and phone call with HTC Global and Google

Vulnerability Details:

There is an issue in certain HTC builds of Android that can expose the user's 802.1X password to any program with the "android.permission.ACCESS_WIFI_STATE" permission. In addition, if the SSID is an identifiable SSID ("Sample University" or "Enterprise XYZ"), this issue exposes enterprise-privileged credentials in a manner that allows targeted exploitation. The resulting output will look something like this:

ID: 2 SSID: "ct" BSSID: null PRIO: 16 KeyMgmt: WPA_EAP IEEE8021X Protocols: WPA RSN AuthAlgorithms: PairwiseCiphers: CCMP GroupCiphers: WEP40 WEP104 TKIP CCMP PSK: eap: PEAP phase2: auth=MSCHAPV2 identity: [Your User Name] anonymous_identity: password: client_cert: private_key: ca_cert: keystore://CACERT_ct

On most Android devices, the password field is either left blank, or simply populated with a "*" to indicate that a password is present. However, on affected HTC devices, the password field contains the actual user password in clear text.

This is sample output from a Sprint EVO running Android 2.3.3: * ID: 0 SSID: "wpa2eap" BSSID: null PRIO: 21 KeyMgmt: WPA_EAP IEEE8021X Protocols: WPA RSN AuthAlgorithms: PairwiseCiphers: CCMP GroupCiphers: WEP40 WEP104 TKIP CCMP PSK: eap: TTLS phase2: auth=PAP identity: test anonymous_identity: password: test client_cert: private_key: ca_cert: keystore://CACERT_wpa2eap

Vendor Response

Google and HTC have been very responsive and good to work with on this issue. Google has made changes to the Android code to help better protect the credential store and HTC has released updates for all currently supported phone and side-loads for all non-supported phone.

Customer with affected versions can find information from HTC about updating their phone at: http://www.htc.com/www/help/

Google has also done a code scan of every application currently in the Android Market and there are no applications currently exploiting this vulnerability.

Credit

Chris Hessing from The Open1X Group (http://www.open1x.org) who is currently working on Android, iOS, Windows, Mac OSX, and Linux 802.1X tools for Cloudpath Networks (http://www.cloudpath.net/) discovered this password exploit.

Contact Information

Chris Hessing Senior Engineer, Cloudpath Networks (chris.hessing@cloudpath.net) Chief Architect, Open1X Group (chris@open1x.org) Bret Jordan CISSP Senior Security Architect, Open1X Group (jordan@open1x.org)

About

Cloudpath Networks Cloudpath Networks provides software solutions that allow diverse environments to operate WPA2-Enterprise and 802.1X networks in a scalable, sustainable manner.ˇ From Bring Your Own Device (BYOD) in enterprise to student-owned devices in education, Cloudpath's XpressConnect Wizard has been proven to provide unmatched simplicity on millions of devices around the globe.

XpressConnect is an automated, self-service wizard for connecting users to WPA2-Enterprise and 802.1X across a wide range of device types and authentication methods, including credential-based (PEAP and TTLS) and certificate-based (TLS).ˇ For certificate-based environments, XpressConnect?s integration technology seamlessly connects to existing Microsoft CA servers to extend automated certificate issuance to non-domain devices, including iOS (iPhone, iPad, iPod Touch), Android, Windows, Mac OS X, and Linux.

The Open1X Group The Open1X Group is a strategic research and development group established in 2001 to support the creation and adoption of secure authentication systems over traditionally insecure network connection.

The Open1X Group performs active and ongoing research and analysis in to the IEEE 802.1X protocol, the IETF EAP Methods, emerging authentication technologies, and various cryptographic implementations. The Open1X Group has had the support of major Universities, enterprise companies, major Hi-Tech companies, and non-profit organizations. The Open1X Group also performs on-going analysis of business and academic interests in to secure authentication and single sign-on systems, and Government and non-Government regulations and mandates for compliance in secure authentication.

The Open1X Group leverages a distributed team of security architects, engineers, and research scientists with specializations in 802.1X, gird and high performance computing, wireless networking, federated authentication, black box testing, cryptography, large enterprise and University deployment experiences, and global project development.

The Open1X Group is a pioneer in the secure authentication space with the first major wide spread 802.1X federated deployment back in 1999/2000, and the development of a fully featured 802.1X supplicant, XSupplicant.

Bret Jordan CISSP Sr Security Architect PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." .

The vulnerability is caused due to an unspecified error and can be exploited by an application system administrator to gain super user privileges.

The vulnerability is reported in versions 6.0, 6.5, and 6.6.

SOLUTION: Apply patches (please see the vendor's advisory for details). ----------------------------------------------------------------------

SC Magazine awards the Secunia CSI a 5-Star rating Top-level rating for ease of use, performance, documentation, support, and value for money. Read more and get a free trial here: http://secunia.com/blog/296

TITLE: HTC Products Wi-Fi Credentials Disclosure Weakness

SECUNIA ADVISORY ID: SA47837

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47837/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47837

RELEASE DATE: 2012-02-02

DISCUSS ADVISORY: http://secunia.com/advisories/47837/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/47837/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=47837

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: Open1X Group has reported a weakness in multiple HTC products, which can be exploited by malicious people to disclose potentially sensitive information.

The weakness is caused due to the "WifiConfiguration::toString()" method returning Wi-Fi credentials of stored networks in clear text.

Successful exploitation requires that a malicious application is installed with "android.permission.ACCESS_WIFI_STATE" permissions.

PROVIDED AND/OR DISCOVERED BY: Chris Hessing, Open1X Group.

ORIGINAL ADVISORY: HTC: http://www.htc.com/www/help/

Open1X Group: http://blog.mywarwithentropy.com/2012/02/8021x-password-exploit-on-many-htc.html

US-CERT VU#763355: http://www.kb.cert.org/vuls/id/763355

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0161",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "desire hd",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "htc",
        "version": "gri40"
      },
      {
        "model": "sensation 4g",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "htc",
        "version": "gri40"
      },
      {
        "model": "desire hd",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "htc",
        "version": "frg83d"
      },
      {
        "model": "evo 3d",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "htc",
        "version": "gri40"
      },
      {
        "model": "droid incredible",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "htc",
        "version": "frf91"
      },
      {
        "model": "thunderbolt 4g",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "htc",
        "version": "frg83d"
      },
      {
        "model": "desire s",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "htc",
        "version": "gri40"
      },
      {
        "model": "evo 4g",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "htc",
        "version": "gri40"
      },
      {
        "model": "sensation z710e",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "htc",
        "version": "gri40"
      },
      {
        "model": "glacier",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "htc",
        "version": "frg83"
      },
      {
        "model": "desire hd",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "htc",
        "version": "0"
      },
      {
        "model": "thunderbolt 4g frg83d",
        "scope": null,
        "trust": 0.9,
        "vendor": "htc",
        "version": null
      },
      {
        "model": "sensation z710e gri40",
        "scope": null,
        "trust": 0.9,
        "vendor": "htc",
        "version": null
      },
      {
        "model": "sensation 4g gri40",
        "scope": null,
        "trust": 0.9,
        "vendor": "htc",
        "version": null
      },
      {
        "model": "glacier frg83",
        "scope": null,
        "trust": 0.9,
        "vendor": "htc",
        "version": null
      },
      {
        "model": "evo 4g gri40",
        "scope": null,
        "trust": 0.9,
        "vendor": "htc",
        "version": null
      },
      {
        "model": "evo 3d gri40",
        "scope": null,
        "trust": 0.9,
        "vendor": "htc",
        "version": null
      },
      {
        "model": "droid incredible frf91",
        "scope": null,
        "trust": 0.9,
        "vendor": "htc",
        "version": null
      },
      {
        "model": "desire s gri40",
        "scope": null,
        "trust": 0.9,
        "vendor": "htc",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "htc",
        "version": null
      },
      {
        "model": "desire hd",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "htc",
        "version": "(ace and  spade) - versions frg83d"
      },
      {
        "model": "desire s",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "htc",
        "version": "- version gri40"
      },
      {
        "model": "droid incredible",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "htc",
        "version": "- version frf91"
      },
      {
        "model": "evo 3d",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "htc",
        "version": "- version gri40"
      },
      {
        "model": "evo 4g",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "htc",
        "version": "- version gri40"
      },
      {
        "model": "glacier",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "htc",
        "version": "- version frg83"
      },
      {
        "model": "sensation 4g",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "htc",
        "version": "- version gri40"
      },
      {
        "model": "sensation z710e",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "htc",
        "version": "- version gri40"
      },
      {
        "model": "thunderbolt 4g",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "htc",
        "version": "- version frg83d"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#763355"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0389"
      },
      {
        "db": "BID",
        "id": "51790"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001308"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4872"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-043"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:htc:glacier:frg83:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:htc:droid_incredible:frf91:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:htc:thunderbolt_4g:frg83d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:htc:sensation_4g:gri40:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:htc:desire_hd:frg83d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:htc:evo_3d:gri40:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:htc:sensation_z710e:gri40:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:htc:desire_hd:gri40:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:htc:desire_s:gri40:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:htc:evo_4g:gri40:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4872"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Chris Hessing and Bret Jordan",
    "sources": [
      {
        "db": "BID",
        "id": "51790"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-043"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2011-4872",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "High",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 2.6,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2011-4872",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2011-4872",
            "trust": 1.8,
            "value": "LOW"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#763355",
            "trust": 0.8,
            "value": "1.23"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201202-043",
            "trust": 0.6,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#763355"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001308"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4872"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-043"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple HTC Android devices including Desire HD FRG83D and GRI40, Glacier FRG83, Droid Incredible FRF91, Thunderbolt 4G FRG83D, Sensation Z710e GRI40, Sensation 4G GRI40, Desire S GRI40, EVO 3D GRI40, and EVO 4G GRI40 allow remote attackers to obtain 802.1X Wi-Fi credentials and SSID via a crafted application that uses the android.permission.ACCESS_WIFI_STATE permission to call the toString method on the WifiConfiguration class. A user\u0027s 802.1X WiFi credentials and SSID information may be exposed  to any application with basic WiFi permissions on certain HTC builds of Android. HTC Made Android On the device, Wi-Fi There is a vulnerability in which authentication information is leaked. HTC Made Android The device has a problem managing authentication information, Wi-Fi There is a vulnerability in which authentication information is leaked.Configured for the product by a remote third party Wi-Fi Authentication information may be obtained. If the same application also has android.permission.INTERNET permission, the application can collect this information and send it to the server on the remote Internet. Multiple HTC devices are prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue by enticing an unsuspecting victim to  install a malicious application with \u0027android.permission.ACCESS_WIFI_STATE\u0027 and \u0027android.permission.INTERNET\u0027 permissions on the device running Android. \nRemote attackers can exploit this issue to gain access to sensitive information. This may aid in further attacks. \u00a0 This exploit exposes\nenterprise-privileged credentials in a manner that allows targeted\nexploitation. \n\n\n--------------------------------------------------------------------------------\nAffected Vendors:\n--------------------------------------------------------------------------------\nHTC\n\n\n--------------------------------------------------------------------------------\nAffected Versions:\n--------------------------------------------------------------------------------\nWe have verified the following devices as having this issue (there may\nbe others including some non-HTC phones):\nDesire HD\u00a0 (both \"ace\" and \"spade\" board revisions) - Versions FRG83D, GRI40\nGlacier - Version FRG83\nDroid Incredible - Version FRF91\nThunderbolt 4G - Version FRG83D\nSensation Z710e - Version GRI40\nSensation 4G - Version GRI40\nDesire S - Version GRI40\nEVO 3D - Version GRI40\nEVO 4G - Version GRI40\n\n\n--------------------------------------------------------------------------------\nNon-Affected Versions:\n--------------------------------------------------------------------------------\nmyTouch3g\u00a0 (Appears to run either unmodified, or only lightly modified\nAndroid build)\nNexus One\u00a0 (Runs unmodified Android build)\n\n\n--------------------------------------------------------------------------------\nSeverity\n--------------------------------------------------------------------------------\nCritical\n\n\n--------------------------------------------------------------------------------\nSee also\n--------------------------------------------------------------------------------\nCVE ID: CVE-2011-4872\n\n\n--------------------------------------------------------------------------------\nTimeline:\n--------------------------------------------------------------------------------\n- 2012-02-01: Public disclosure\n- 2012-01-31: Submit final public disclosure doc to HTC Global for feedback\n- 2012-01-31: HTC publishes information via their web site\n- 2012-01-20: Public disclosure ? postponed\n- 2012-01-19: Discussion with HTC Global on their time schedule\n- 2012-01-05: Conference call with HTC Global\n- 2012-01-02: Public disclosure ? postponed\n- 2011-12-05: Discussed public disclosure time frames with HTC and Google\n- 2011-10-11: Updated all individuals and groups that are aware of the issue\n- 2011-10-11: Follow-up conference call with HTC Global and Google\n- 2011-09-19: Updated all individuals and groups that were aware of the issue\n- 2011-09-19: Conference call with HTC Global and Google\n- 2011-09-08: HTC and Google verified exploit\n- 2011-09-07: Notified key government agencies and CERT under\nnon-public disclosure\n- 2011-09-07: Initial email and phone call with HTC Global and Google\n\n\n\n--------------------------------------------------------------------------------\nVulnerability Details:\n--------------------------------------------------------------------------------\nThere is an issue in certain HTC builds of Android that can expose the\nuser\u0027s 802.1X password to any program with the\n\"android.permission.ACCESS_WIFI_STATE\" permission. In\naddition, if the SSID is an identifiable SSID (\"Sample University\" or\n\"Enterprise XYZ\"), this issue exposes enterprise-privileged\ncredentials in a manner that allows targeted exploitation. The resulting output will look\nsomething like this:\n\n* ID: 2 SSID: \"ct\" BSSID: null PRIO: 16\nKeyMgmt: WPA_EAP IEEE8021X Protocols: WPA RSN\nAuthAlgorithms:\nPairwiseCiphers: CCMP\nGroupCiphers: WEP40 WEP104 TKIP CCMP\nPSK:\neap: PEAP\nphase2: auth=MSCHAPV2\nidentity: [Your User Name]\nanonymous_identity:\npassword:\nclient_cert:\nprivate_key:\nca_cert: keystore://CACERT_ct\n\nOn most Android devices, the password field is either left blank, or\nsimply populated with a \"*\" to indicate that a password is present. \nHowever, on affected HTC devices, the password field contains the\nactual user password in clear text. \n\nThis is sample output from a Sprint EVO running Android 2.3.3:\n* ID: 0 SSID: \"wpa2eap\" BSSID: null PRIO: 21\nKeyMgmt: WPA_EAP IEEE8021X Protocols: WPA RSN\nAuthAlgorithms:\nPairwiseCiphers: CCMP\nGroupCiphers: WEP40 WEP104 TKIP CCMP\nPSK:\neap: TTLS\nphase2: auth=PAP\nidentity: test\nanonymous_identity:\npassword: test\nclient_cert:\nprivate_key:\nca_cert: keystore://CACERT_wpa2eap\n\n\n--------------------------------------------------------------------------------\nVendor Response\n--------------------------------------------------------------------------------\nGoogle and HTC have been very responsive and good to work with on this\nissue. \u00a0 Google has made changes to the Android code to help better\nprotect the credential store and HTC has released updates for all\ncurrently supported phone and side-loads for all non-supported phone. \n\nCustomer with affected versions can find information from HTC about\nupdating their phone at: http://www.htc.com/www/help/\n\nGoogle has also done a code scan of every application currently in the\nAndroid Market and there are no applications currently exploiting this\nvulnerability. \n\n\n--------------------------------------------------------------------------------\nCredit\n--------------------------------------------------------------------------------\nChris Hessing from The Open1X Group (http://www.open1x.org) who is\ncurrently working on Android, iOS, Windows, Mac OSX, and Linux 802.1X\ntools for Cloudpath Networks (http://www.cloudpath.net/) discovered\nthis password exploit. \n\n\n--------------------------------------------------------------------------------\nContact Information\n--------------------------------------------------------------------------------\nChris Hessing\n\u00a0\u00a0\u00a0\u00a0 Senior Engineer, Cloudpath Networks (chris.hessing@cloudpath.net)\n\u00a0\u00a0\u00a0\u00a0 Chief Architect, Open1X Group (chris@open1x.org)\nBret Jordan CISSP\n\u00a0\u00a0\u00a0\u00a0 Senior Security Architect, Open1X Group (jordan@open1x.org)\n\n\n--------------------------------------------------------------------------------\nAbout\n--------------------------------------------------------------------------------\nCloudpath Networks\nCloudpath Networks provides software solutions that allow diverse\nenvironments to operate WPA2-Enterprise and 802.1X networks in a\nscalable, sustainable manner.\u02c7 From Bring Your Own Device (BYOD) in\nenterprise to student-owned devices in education, Cloudpath\u0027s\nXpressConnect Wizard has been proven to provide unmatched simplicity\non millions of devices around the globe. \n\nXpressConnect is an automated, self-service wizard for connecting\nusers to WPA2-Enterprise and 802.1X across a wide range of device\ntypes and authentication methods, including credential-based (PEAP and\nTTLS) and certificate-based (TLS).\u02c7 For certificate-based\nenvironments, XpressConnect?s integration technology seamlessly\nconnects to existing Microsoft CA servers to extend automated\ncertificate issuance to non-domain devices, including iOS (iPhone,\niPad, iPod Touch), Android, Windows, Mac OS X, and Linux. \n\nThe Open1X Group\nThe Open1X Group is a strategic research and development group\nestablished in 2001 to support the creation and adoption of secure\nauthentication systems over traditionally insecure network connection. \n\nThe Open1X Group performs active and ongoing research and analysis in\nto the IEEE 802.1X protocol, the IETF EAP Methods, emerging\nauthentication technologies, and various cryptographic\nimplementations. \u00a0 The Open1X Group has had the support of major\nUniversities, enterprise companies, major Hi-Tech companies, and\nnon-profit organizations. \u00a0 The Open1X Group also performs on-going\nanalysis of business and academic interests in to secure\nauthentication and single sign-on systems, and Government and\nnon-Government regulations and mandates for compliance in secure\nauthentication. \n\nThe Open1X Group leverages a distributed team of security architects,\nengineers, and research scientists with specializations in 802.1X,\ngird and high performance computing, wireless networking, federated\nauthentication, black box testing, cryptography, large enterprise and\nUniversity deployment experiences, and global project development. \n\nThe Open1X Group is a pioneer in the secure authentication space with\nthe first major wide spread 802.1X federated deployment back in\n1999/2000, and the development of a fully featured 802.1X supplicant,\nXSupplicant. \n\n\n\nBret Jordan CISSP\nSr Security Architect\nPGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303\n\"Without cryptography vihv vivc ce xhrnrw, however, the only thing\nthat can not be unscrambled is an egg.\"\n. \n\nThe vulnerability is caused due to an unspecified error and can be\nexploited by an application system administrator to gain super user\nprivileges. \n\nThe vulnerability is reported in versions 6.0, 6.5, and 6.6. \n\nSOLUTION:\nApply patches (please see the vendor\u0027s advisory for details). ----------------------------------------------------------------------\n\nSC Magazine awards the Secunia CSI a 5-Star rating\nTop-level rating for ease of use, performance, documentation, support, and value for money. Read more and get a free trial here: http://secunia.com/blog/296 \n\n----------------------------------------------------------------------\n\nTITLE:\nHTC Products Wi-Fi Credentials Disclosure Weakness\n\nSECUNIA ADVISORY ID:\nSA47837\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/47837/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47837\n\nRELEASE DATE:\n2012-02-02\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/47837/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/47837/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47837\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nOpen1X Group has reported a weakness in multiple HTC products, which\ncan be exploited by malicious people to disclose potentially\nsensitive information. \n\nThe weakness is caused due to the \"WifiConfiguration::toString()\"\nmethod returning Wi-Fi credentials of stored networks in clear text. \n\nSuccessful exploitation requires that a malicious application is\ninstalled with \"android.permission.ACCESS_WIFI_STATE\" permissions. \n\nPROVIDED AND/OR DISCOVERED BY:\nChris Hessing, Open1X Group. \n\nORIGINAL ADVISORY:\nHTC:\nhttp://www.htc.com/www/help/\n\nOpen1X Group:\nhttp://blog.mywarwithentropy.com/2012/02/8021x-password-exploit-on-many-htc.html\n\nUS-CERT VU#763355:\nhttp://www.kb.cert.org/vuls/id/763355\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4872"
      },
      {
        "db": "CERT/CC",
        "id": "VU#763355"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001308"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0389"
      },
      {
        "db": "BID",
        "id": "51790"
      },
      {
        "db": "PACKETSTORM",
        "id": "109344"
      },
      {
        "db": "PACKETSTORM",
        "id": "109394"
      },
      {
        "db": "PACKETSTORM",
        "id": "109362"
      }
    ],
    "trust": 3.42
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#763355",
        "trust": 3.6
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4872",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "51790",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "47837",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001308",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "47860",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0389",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20120201 802.1X PASSWORD EXPLOIT ON MANY HTC ANDROID DEVICES",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "18651",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-043",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "109344",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "109394",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "109362",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#763355"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0389"
      },
      {
        "db": "BID",
        "id": "51790"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001308"
      },
      {
        "db": "PACKETSTORM",
        "id": "109344"
      },
      {
        "db": "PACKETSTORM",
        "id": "109394"
      },
      {
        "db": "PACKETSTORM",
        "id": "109362"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4872"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-043"
      }
    ]
  },
  "id": "VAR-201202-0161",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-0389"
      }
    ],
    "trust": 1.2758432475
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-0389"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:34:53.732000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HTC Help Center - WiFi security fix",
        "trust": 0.8,
        "url": "http://www.htc.com/www/help/#w1307647922146"
      },
      {
        "title": "Patch for multiple HTC devices \u0027Android.permission.ACCESS_WIFI_STATE\u0027 information disclosure vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/8691"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-0389"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001308"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001308"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4872"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "http://blog.mywarwithentropy.com/2012/02/8021x-password-exploit-on-many-htc.html"
      },
      {
        "trust": 2.8,
        "url": "http://www.kb.cert.org/vuls/id/763355"
      },
      {
        "trust": 1.6,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0002.html"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/47837"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/51790"
      },
      {
        "trust": 1.0,
        "url": "http://www.htc.com/www/help/"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4872"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu763355"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4872"
      },
      {
        "trust": 0.6,
        "url": "http://blog.mywarwithentropy.com/2012/02/8021x-password-exploit-on-many-htc.htmlhttp"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/47860"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/18651"
      },
      {
        "trust": 0.3,
        "url": "http://www.htc.com/www/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/blog/296"
      },
      {
        "trust": 0.1,
        "url": "http://www.cloudpath.net/)"
      },
      {
        "trust": 0.1,
        "url": "http://www.open1x.org)"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4872"
      },
      {
        "trust": 0.1,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/att-0005/esa-2012-009.txt"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/47860/#comments"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47860"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/47860/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/47837/"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47837"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/47837/#comments"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#763355"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0389"
      },
      {
        "db": "BID",
        "id": "51790"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001308"
      },
      {
        "db": "PACKETSTORM",
        "id": "109344"
      },
      {
        "db": "PACKETSTORM",
        "id": "109394"
      },
      {
        "db": "PACKETSTORM",
        "id": "109362"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4872"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-043"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#763355"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-0389"
      },
      {
        "db": "BID",
        "id": "51790"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001308"
      },
      {
        "db": "PACKETSTORM",
        "id": "109344"
      },
      {
        "db": "PACKETSTORM",
        "id": "109394"
      },
      {
        "db": "PACKETSTORM",
        "id": "109362"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4872"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-043"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-01T00:00:00",
        "db": "CERT/CC",
        "id": "VU#763355"
      },
      {
        "date": "2012-02-03T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-0389"
      },
      {
        "date": "2012-02-01T00:00:00",
        "db": "BID",
        "id": "51790"
      },
      {
        "date": "2012-02-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001308"
      },
      {
        "date": "2012-02-02T02:00:50",
        "db": "PACKETSTORM",
        "id": "109344"
      },
      {
        "date": "2012-02-02T06:44:24",
        "db": "PACKETSTORM",
        "id": "109394"
      },
      {
        "date": "2012-02-02T03:31:21",
        "db": "PACKETSTORM",
        "id": "109362"
      },
      {
        "date": "2012-02-05T11:55:03.047000",
        "db": "NVD",
        "id": "CVE-2011-4872"
      },
      {
        "date": "1900-01-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-043"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-02-01T00:00:00",
        "db": "CERT/CC",
        "id": "VU#763355"
      },
      {
        "date": "2012-02-03T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-0389"
      },
      {
        "date": "2012-02-01T00:00:00",
        "db": "BID",
        "id": "51790"
      },
      {
        "date": "2012-02-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001308"
      },
      {
        "date": "2012-02-16T05:00:00",
        "db": "NVD",
        "id": "CVE-2011-4872"
      },
      {
        "date": "2012-02-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201202-043"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "109344"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-043"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple HTC Devices \u0027Android.permission.ACCESS_WIFI_STATE\u0027 Information Disclosure Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-0389"
      },
      {
        "db": "BID",
        "id": "51790"
      }
    ],
    "trust": 0.9
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201202-043"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2011-4872

Vulnerability from fkie_nvd - Published: 2012-02-05 11:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cret@cert.org	http://archives.neohapsis.com/archives/bugtraq/2012-02/0002.html
cret@cert.org	http://blog.mywarwithentropy.com/2012/02/8021x-password-exploit-on-many-htc.html
cret@cert.org	http://secunia.com/advisories/47837	Vendor Advisory
cret@cert.org	http://www.kb.cert.org/vuls/id/763355	US Government Resource
cret@cert.org	http://www.securityfocus.com/bid/51790
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2012-02/0002.html
af854a3a-2127-422b-91ae-364da2661108	http://blog.mywarwithentropy.com/2012/02/8021x-password-exploit-on-many-htc.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/47837	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/763355	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/51790

Impacted products

Vendor	Product	Version
htc	desire_hd	frg83d
htc	desire_hd	gri40
htc	desire_s	gri40
htc	droid_incredible	frf91
htc	evo_3d	gri40
htc	evo_4g	gri40
htc	glacier	frg83
htc	sensation_4g	gri40
htc	sensation_z710e	gri40
htc	thunderbolt_4g	frg83d

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:htc:desire_hd:frg83d:*:*:*:*:*:*:*",
              "matchCriteriaId": "A47D18AA-CFF9-4AD8-AE88-2CA747123EBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:htc:desire_hd:gri40:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0653264-C983-4944-9C58-FB66695810B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:htc:desire_s:gri40:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9F69A6B-DE64-40FD-9A0D-4F58A0D40876",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:htc:droid_incredible:frf91:*:*:*:*:*:*:*",
              "matchCriteriaId": "104EFEA6-6768-4BC4-BB79-636607F6B633",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:htc:evo_3d:gri40:*:*:*:*:*:*:*",
              "matchCriteriaId": "04CE53C2-E91D-4E99-820A-D06BA1BBAAD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:htc:evo_4g:gri40:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF9842B1-3735-48CC-9163-36253B9C5AF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:htc:glacier:frg83:*:*:*:*:*:*:*",
              "matchCriteriaId": "41DA09C0-2C0F-4605-A9ED-B76436FC8969",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:htc:sensation_4g:gri40:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A373B93-7BA1-474E-99E8-B0507A317C7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:htc:sensation_z710e:gri40:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F11BB06-D097-48F9-9B39-28916BB3CA1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:htc:thunderbolt_4g:frg83d:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F8DC280-89A4-482C-BCBA-7721E898935A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple HTC Android devices including Desire HD FRG83D and GRI40, Glacier FRG83, Droid Incredible FRF91, Thunderbolt 4G FRG83D, Sensation Z710e GRI40, Sensation 4G GRI40, Desire S GRI40, EVO 3D GRI40, and EVO 4G GRI40 allow remote attackers to obtain 802.1X Wi-Fi credentials and SSID via a crafted application that uses the android.permission.ACCESS_WIFI_STATE permission to call the toString method on the WifiConfiguration class."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples dispositivos Android HTC incluyendo Desire HD FRG83D y GRI40, Glacier FRG83, Droid Incredible FRF91, Thunderbolt 4G FRG83D, Sensation Z710e GRI40, Sensation 4G GRI40, Desire S GRI40, EVO 3D GRI40 y EVO 4G GRI40 permiten a atacantes remotos obtener las credenciales Wi-Fi 802.1X y el SSID a trav\u00e9s de una aplicaci\u00f3n modificada que utiliza el permiso android.permission.ACCESS_WIFI_STATE para invocar el m\u00e9todo toString en la clase WifiConfiguration."
    }
  ],
  "id": "CVE-2011-4872",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-02-05T11:55:03.047",
  "references": [
    {
      "source": "cret@cert.org",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0002.html"
    },
    {
      "source": "cret@cert.org",
      "url": "http://blog.mywarwithentropy.com/2012/02/8021x-password-exploit-on-many-htc.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/47837"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/763355"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.securityfocus.com/bid/51790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blog.mywarwithentropy.com/2012/02/8021x-password-exploit-on-many-htc.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/47837"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/763355"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/51790"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-4872 (GCVE-0-2011-4872)

GSD-2011-4872

GHSA-2WX5-PG32-77VX

VAR-201202-0161

Affected Vendors:

Affected Versions:

Non-Affected Versions:

Severity

See also

Timeline:

Vulnerability Details:

Vendor Response

Credit

Contact Information

About

FKIE_CVE-2011-4872

Tags

Sightings

Nomenclature