VAR-201202-0161
Vulnerability from variot - Updated: 2023-12-18 13:34Multiple HTC Android devices including Desire HD FRG83D and GRI40, Glacier FRG83, Droid Incredible FRF91, Thunderbolt 4G FRG83D, Sensation Z710e GRI40, Sensation 4G GRI40, Desire S GRI40, EVO 3D GRI40, and EVO 4G GRI40 allow remote attackers to obtain 802.1X Wi-Fi credentials and SSID via a crafted application that uses the android.permission.ACCESS_WIFI_STATE permission to call the toString method on the WifiConfiguration class. A user's 802.1X WiFi credentials and SSID information may be exposed to any application with basic WiFi permissions on certain HTC builds of Android. HTC Made Android On the device, Wi-Fi There is a vulnerability in which authentication information is leaked. HTC Made Android The device has a problem managing authentication information, Wi-Fi There is a vulnerability in which authentication information is leaked.Configured for the product by a remote third party Wi-Fi Authentication information may be obtained. If the same application also has android.permission.INTERNET permission, the application can collect this information and send it to the server on the remote Internet. Multiple HTC devices are prone to an information-disclosure vulnerability. An attacker can exploit this issue by enticing an unsuspecting victim to install a malicious application with 'android.permission.ACCESS_WIFI_STATE' and 'android.permission.INTERNET' permissions on the device running Android. Remote attackers can exploit this issue to gain access to sensitive information. This may aid in further attacks. This exploit exposes enterprise-privileged credentials in a manner that allows targeted exploitation.
Affected Vendors:
HTC
Affected Versions:
We have verified the following devices as having this issue (there may be others including some non-HTC phones): Desire HD (both "ace" and "spade" board revisions) - Versions FRG83D, GRI40 Glacier - Version FRG83 Droid Incredible - Version FRF91 Thunderbolt 4G - Version FRG83D Sensation Z710e - Version GRI40 Sensation 4G - Version GRI40 Desire S - Version GRI40 EVO 3D - Version GRI40 EVO 4G - Version GRI40
Non-Affected Versions:
myTouch3g (Appears to run either unmodified, or only lightly modified Android build) Nexus One (Runs unmodified Android build)
Severity
Critical
See also
CVE ID: CVE-2011-4872
Timeline:
- 2012-02-01: Public disclosure
- 2012-01-31: Submit final public disclosure doc to HTC Global for feedback
- 2012-01-31: HTC publishes information via their web site
- 2012-01-20: Public disclosure ? postponed
- 2012-01-19: Discussion with HTC Global on their time schedule
- 2012-01-05: Conference call with HTC Global
- 2012-01-02: Public disclosure ? postponed
- 2011-12-05: Discussed public disclosure time frames with HTC and Google
- 2011-10-11: Updated all individuals and groups that are aware of the issue
- 2011-10-11: Follow-up conference call with HTC Global and Google
- 2011-09-19: Updated all individuals and groups that were aware of the issue
- 2011-09-19: Conference call with HTC Global and Google
- 2011-09-08: HTC and Google verified exploit
- 2011-09-07: Notified key government agencies and CERT under non-public disclosure
- 2011-09-07: Initial email and phone call with HTC Global and Google
Vulnerability Details:
There is an issue in certain HTC builds of Android that can expose the user's 802.1X password to any program with the "android.permission.ACCESS_WIFI_STATE" permission. In addition, if the SSID is an identifiable SSID ("Sample University" or "Enterprise XYZ"), this issue exposes enterprise-privileged credentials in a manner that allows targeted exploitation. The resulting output will look something like this:
- ID: 2 SSID: "ct" BSSID: null PRIO: 16 KeyMgmt: WPA_EAP IEEE8021X Protocols: WPA RSN AuthAlgorithms: PairwiseCiphers: CCMP GroupCiphers: WEP40 WEP104 TKIP CCMP PSK: eap: PEAP phase2: auth=MSCHAPV2 identity: [Your User Name] anonymous_identity: password: client_cert: private_key: ca_cert: keystore://CACERT_ct
On most Android devices, the password field is either left blank, or simply populated with a "*" to indicate that a password is present. However, on affected HTC devices, the password field contains the actual user password in clear text.
This is sample output from a Sprint EVO running Android 2.3.3: * ID: 0 SSID: "wpa2eap" BSSID: null PRIO: 21 KeyMgmt: WPA_EAP IEEE8021X Protocols: WPA RSN AuthAlgorithms: PairwiseCiphers: CCMP GroupCiphers: WEP40 WEP104 TKIP CCMP PSK: eap: TTLS phase2: auth=PAP identity: test anonymous_identity: password: test client_cert: private_key: ca_cert: keystore://CACERT_wpa2eap
Vendor Response
Google and HTC have been very responsive and good to work with on this issue. Google has made changes to the Android code to help better protect the credential store and HTC has released updates for all currently supported phone and side-loads for all non-supported phone.
Customer with affected versions can find information from HTC about updating their phone at: http://www.htc.com/www/help/
Google has also done a code scan of every application currently in the Android Market and there are no applications currently exploiting this vulnerability.
Credit
Chris Hessing from The Open1X Group (http://www.open1x.org) who is currently working on Android, iOS, Windows, Mac OSX, and Linux 802.1X tools for Cloudpath Networks (http://www.cloudpath.net/) discovered this password exploit.
Contact Information
Chris Hessing Senior Engineer, Cloudpath Networks (chris.hessing@cloudpath.net) Chief Architect, Open1X Group (chris@open1x.org) Bret Jordan CISSP Senior Security Architect, Open1X Group (jordan@open1x.org)
About
Cloudpath Networks Cloudpath Networks provides software solutions that allow diverse environments to operate WPA2-Enterprise and 802.1X networks in a scalable, sustainable manner.ˇ From Bring Your Own Device (BYOD) in enterprise to student-owned devices in education, Cloudpath's XpressConnect Wizard has been proven to provide unmatched simplicity on millions of devices around the globe.
XpressConnect is an automated, self-service wizard for connecting users to WPA2-Enterprise and 802.1X across a wide range of device types and authentication methods, including credential-based (PEAP and TTLS) and certificate-based (TLS).ˇ For certificate-based environments, XpressConnect?s integration technology seamlessly connects to existing Microsoft CA servers to extend automated certificate issuance to non-domain devices, including iOS (iPhone, iPad, iPod Touch), Android, Windows, Mac OS X, and Linux.
The Open1X Group The Open1X Group is a strategic research and development group established in 2001 to support the creation and adoption of secure authentication systems over traditionally insecure network connection.
The Open1X Group performs active and ongoing research and analysis in to the IEEE 802.1X protocol, the IETF EAP Methods, emerging authentication technologies, and various cryptographic implementations. The Open1X Group has had the support of major Universities, enterprise companies, major Hi-Tech companies, and non-profit organizations. The Open1X Group also performs on-going analysis of business and academic interests in to secure authentication and single sign-on systems, and Government and non-Government regulations and mandates for compliance in secure authentication.
The Open1X Group leverages a distributed team of security architects, engineers, and research scientists with specializations in 802.1X, gird and high performance computing, wireless networking, federated authentication, black box testing, cryptography, large enterprise and University deployment experiences, and global project development.
The Open1X Group is a pioneer in the secure authentication space with the first major wide spread 802.1X federated deployment back in 1999/2000, and the development of a fully featured 802.1X supplicant, XSupplicant.
Bret Jordan CISSP Sr Security Architect PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." .
The vulnerability is caused due to an unspecified error and can be exploited by an application system administrator to gain super user privileges.
The vulnerability is reported in versions 6.0, 6.5, and 6.6.
SOLUTION: Apply patches (please see the vendor's advisory for details). ----------------------------------------------------------------------
SC Magazine awards the Secunia CSI a 5-Star rating Top-level rating for ease of use, performance, documentation, support, and value for money. Read more and get a free trial here: http://secunia.com/blog/296
TITLE: HTC Products Wi-Fi Credentials Disclosure Weakness
SECUNIA ADVISORY ID: SA47837
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47837/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47837
RELEASE DATE: 2012-02-02
DISCUSS ADVISORY: http://secunia.com/advisories/47837/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/47837/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47837
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Open1X Group has reported a weakness in multiple HTC products, which can be exploited by malicious people to disclose potentially sensitive information.
The weakness is caused due to the "WifiConfiguration::toString()" method returning Wi-Fi credentials of stored networks in clear text.
Successful exploitation requires that a malicious application is installed with "android.permission.ACCESS_WIFI_STATE" permissions.
PROVIDED AND/OR DISCOVERED BY: Chris Hessing, Open1X Group.
ORIGINAL ADVISORY: HTC: http://www.htc.com/www/help/
Open1X Group: http://blog.mywarwithentropy.com/2012/02/8021x-password-exploit-on-many-htc.html
US-CERT VU#763355: http://www.kb.cert.org/vuls/id/763355
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201202-0161",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "desire hd",
"scope": "eq",
"trust": 2.4,
"vendor": "htc",
"version": "gri40"
},
{
"model": "sensation 4g",
"scope": "eq",
"trust": 1.6,
"vendor": "htc",
"version": "gri40"
},
{
"model": "desire hd",
"scope": "eq",
"trust": 1.6,
"vendor": "htc",
"version": "frg83d"
},
{
"model": "evo 3d",
"scope": "eq",
"trust": 1.6,
"vendor": "htc",
"version": "gri40"
},
{
"model": "droid incredible",
"scope": "eq",
"trust": 1.6,
"vendor": "htc",
"version": "frf91"
},
{
"model": "thunderbolt 4g",
"scope": "eq",
"trust": 1.6,
"vendor": "htc",
"version": "frg83d"
},
{
"model": "desire s",
"scope": "eq",
"trust": 1.6,
"vendor": "htc",
"version": "gri40"
},
{
"model": "evo 4g",
"scope": "eq",
"trust": 1.6,
"vendor": "htc",
"version": "gri40"
},
{
"model": "sensation z710e",
"scope": "eq",
"trust": 1.6,
"vendor": "htc",
"version": "gri40"
},
{
"model": "glacier",
"scope": "eq",
"trust": 1.6,
"vendor": "htc",
"version": "frg83"
},
{
"model": "desire hd",
"scope": "eq",
"trust": 0.9,
"vendor": "htc",
"version": "0"
},
{
"model": "thunderbolt 4g frg83d",
"scope": null,
"trust": 0.9,
"vendor": "htc",
"version": null
},
{
"model": "sensation z710e gri40",
"scope": null,
"trust": 0.9,
"vendor": "htc",
"version": null
},
{
"model": "sensation 4g gri40",
"scope": null,
"trust": 0.9,
"vendor": "htc",
"version": null
},
{
"model": "glacier frg83",
"scope": null,
"trust": 0.9,
"vendor": "htc",
"version": null
},
{
"model": "evo 4g gri40",
"scope": null,
"trust": 0.9,
"vendor": "htc",
"version": null
},
{
"model": "evo 3d gri40",
"scope": null,
"trust": 0.9,
"vendor": "htc",
"version": null
},
{
"model": "droid incredible frf91",
"scope": null,
"trust": 0.9,
"vendor": "htc",
"version": null
},
{
"model": "desire s gri40",
"scope": null,
"trust": 0.9,
"vendor": "htc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "htc",
"version": null
},
{
"model": "desire hd",
"scope": "eq",
"trust": 0.8,
"vendor": "htc",
"version": "(ace and spade) - versions frg83d"
},
{
"model": "desire s",
"scope": "eq",
"trust": 0.8,
"vendor": "htc",
"version": "- version gri40"
},
{
"model": "droid incredible",
"scope": "eq",
"trust": 0.8,
"vendor": "htc",
"version": "- version frf91"
},
{
"model": "evo 3d",
"scope": "eq",
"trust": 0.8,
"vendor": "htc",
"version": "- version gri40"
},
{
"model": "evo 4g",
"scope": "eq",
"trust": 0.8,
"vendor": "htc",
"version": "- version gri40"
},
{
"model": "glacier",
"scope": "eq",
"trust": 0.8,
"vendor": "htc",
"version": "- version frg83"
},
{
"model": "sensation 4g",
"scope": "eq",
"trust": 0.8,
"vendor": "htc",
"version": "- version gri40"
},
{
"model": "sensation z710e",
"scope": "eq",
"trust": 0.8,
"vendor": "htc",
"version": "- version gri40"
},
{
"model": "thunderbolt 4g",
"scope": "eq",
"trust": 0.8,
"vendor": "htc",
"version": "- version frg83d"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#763355"
},
{
"db": "CNVD",
"id": "CNVD-2012-0389"
},
{
"db": "BID",
"id": "51790"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001308"
},
{
"db": "NVD",
"id": "CVE-2011-4872"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-043"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:htc:glacier:frg83:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:htc:droid_incredible:frf91:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:htc:thunderbolt_4g:frg83d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:htc:sensation_4g:gri40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:htc:desire_hd:frg83d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:htc:evo_3d:gri40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:htc:sensation_z710e:gri40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:htc:desire_hd:gri40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:htc:desire_s:gri40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:htc:evo_4g:gri40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4872"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Chris Hessing and Bret Jordan",
"sources": [
{
"db": "BID",
"id": "51790"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-043"
}
],
"trust": 0.9
},
"cve": "CVE-2011-4872",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2011-4872",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-4872",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#763355",
"trust": 0.8,
"value": "1.23"
},
{
"author": "CNNVD",
"id": "CNNVD-201202-043",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#763355"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001308"
},
{
"db": "NVD",
"id": "CVE-2011-4872"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-043"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple HTC Android devices including Desire HD FRG83D and GRI40, Glacier FRG83, Droid Incredible FRF91, Thunderbolt 4G FRG83D, Sensation Z710e GRI40, Sensation 4G GRI40, Desire S GRI40, EVO 3D GRI40, and EVO 4G GRI40 allow remote attackers to obtain 802.1X Wi-Fi credentials and SSID via a crafted application that uses the android.permission.ACCESS_WIFI_STATE permission to call the toString method on the WifiConfiguration class. A user\u0027s 802.1X WiFi credentials and SSID information may be exposed to any application with basic WiFi permissions on certain HTC builds of Android. HTC Made Android On the device, Wi-Fi There is a vulnerability in which authentication information is leaked. HTC Made Android The device has a problem managing authentication information, Wi-Fi There is a vulnerability in which authentication information is leaked.Configured for the product by a remote third party Wi-Fi Authentication information may be obtained. If the same application also has android.permission.INTERNET permission, the application can collect this information and send it to the server on the remote Internet. Multiple HTC devices are prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue by enticing an unsuspecting victim to install a malicious application with \u0027android.permission.ACCESS_WIFI_STATE\u0027 and \u0027android.permission.INTERNET\u0027 permissions on the device running Android. \nRemote attackers can exploit this issue to gain access to sensitive information. This may aid in further attacks. \u00a0 This exploit exposes\nenterprise-privileged credentials in a manner that allows targeted\nexploitation. \n\n\n--------------------------------------------------------------------------------\nAffected Vendors:\n--------------------------------------------------------------------------------\nHTC\n\n\n--------------------------------------------------------------------------------\nAffected Versions:\n--------------------------------------------------------------------------------\nWe have verified the following devices as having this issue (there may\nbe others including some non-HTC phones):\nDesire HD\u00a0 (both \"ace\" and \"spade\" board revisions) - Versions FRG83D, GRI40\nGlacier - Version FRG83\nDroid Incredible - Version FRF91\nThunderbolt 4G - Version FRG83D\nSensation Z710e - Version GRI40\nSensation 4G - Version GRI40\nDesire S - Version GRI40\nEVO 3D - Version GRI40\nEVO 4G - Version GRI40\n\n\n--------------------------------------------------------------------------------\nNon-Affected Versions:\n--------------------------------------------------------------------------------\nmyTouch3g\u00a0 (Appears to run either unmodified, or only lightly modified\nAndroid build)\nNexus One\u00a0 (Runs unmodified Android build)\n\n\n--------------------------------------------------------------------------------\nSeverity\n--------------------------------------------------------------------------------\nCritical\n\n\n--------------------------------------------------------------------------------\nSee also\n--------------------------------------------------------------------------------\nCVE ID: CVE-2011-4872\n\n\n--------------------------------------------------------------------------------\nTimeline:\n--------------------------------------------------------------------------------\n- 2012-02-01: Public disclosure\n- 2012-01-31: Submit final public disclosure doc to HTC Global for feedback\n- 2012-01-31: HTC publishes information via their web site\n- 2012-01-20: Public disclosure ? postponed\n- 2012-01-19: Discussion with HTC Global on their time schedule\n- 2012-01-05: Conference call with HTC Global\n- 2012-01-02: Public disclosure ? postponed\n- 2011-12-05: Discussed public disclosure time frames with HTC and Google\n- 2011-10-11: Updated all individuals and groups that are aware of the issue\n- 2011-10-11: Follow-up conference call with HTC Global and Google\n- 2011-09-19: Updated all individuals and groups that were aware of the issue\n- 2011-09-19: Conference call with HTC Global and Google\n- 2011-09-08: HTC and Google verified exploit\n- 2011-09-07: Notified key government agencies and CERT under\nnon-public disclosure\n- 2011-09-07: Initial email and phone call with HTC Global and Google\n\n\n\n--------------------------------------------------------------------------------\nVulnerability Details:\n--------------------------------------------------------------------------------\nThere is an issue in certain HTC builds of Android that can expose the\nuser\u0027s 802.1X password to any program with the\n\"android.permission.ACCESS_WIFI_STATE\" permission. In\naddition, if the SSID is an identifiable SSID (\"Sample University\" or\n\"Enterprise XYZ\"), this issue exposes enterprise-privileged\ncredentials in a manner that allows targeted exploitation. The resulting output will look\nsomething like this:\n\n* ID: 2 SSID: \"ct\" BSSID: null PRIO: 16\nKeyMgmt: WPA_EAP IEEE8021X Protocols: WPA RSN\nAuthAlgorithms:\nPairwiseCiphers: CCMP\nGroupCiphers: WEP40 WEP104 TKIP CCMP\nPSK:\neap: PEAP\nphase2: auth=MSCHAPV2\nidentity: [Your User Name]\nanonymous_identity:\npassword:\nclient_cert:\nprivate_key:\nca_cert: keystore://CACERT_ct\n\nOn most Android devices, the password field is either left blank, or\nsimply populated with a \"*\" to indicate that a password is present. \nHowever, on affected HTC devices, the password field contains the\nactual user password in clear text. \n\nThis is sample output from a Sprint EVO running Android 2.3.3:\n* ID: 0 SSID: \"wpa2eap\" BSSID: null PRIO: 21\nKeyMgmt: WPA_EAP IEEE8021X Protocols: WPA RSN\nAuthAlgorithms:\nPairwiseCiphers: CCMP\nGroupCiphers: WEP40 WEP104 TKIP CCMP\nPSK:\neap: TTLS\nphase2: auth=PAP\nidentity: test\nanonymous_identity:\npassword: test\nclient_cert:\nprivate_key:\nca_cert: keystore://CACERT_wpa2eap\n\n\n--------------------------------------------------------------------------------\nVendor Response\n--------------------------------------------------------------------------------\nGoogle and HTC have been very responsive and good to work with on this\nissue. \u00a0 Google has made changes to the Android code to help better\nprotect the credential store and HTC has released updates for all\ncurrently supported phone and side-loads for all non-supported phone. \n\nCustomer with affected versions can find information from HTC about\nupdating their phone at: http://www.htc.com/www/help/\n\nGoogle has also done a code scan of every application currently in the\nAndroid Market and there are no applications currently exploiting this\nvulnerability. \n\n\n--------------------------------------------------------------------------------\nCredit\n--------------------------------------------------------------------------------\nChris Hessing from The Open1X Group (http://www.open1x.org) who is\ncurrently working on Android, iOS, Windows, Mac OSX, and Linux 802.1X\ntools for Cloudpath Networks (http://www.cloudpath.net/) discovered\nthis password exploit. \n\n\n--------------------------------------------------------------------------------\nContact Information\n--------------------------------------------------------------------------------\nChris Hessing\n\u00a0\u00a0\u00a0\u00a0 Senior Engineer, Cloudpath Networks (chris.hessing@cloudpath.net)\n\u00a0\u00a0\u00a0\u00a0 Chief Architect, Open1X Group (chris@open1x.org)\nBret Jordan CISSP\n\u00a0\u00a0\u00a0\u00a0 Senior Security Architect, Open1X Group (jordan@open1x.org)\n\n\n--------------------------------------------------------------------------------\nAbout\n--------------------------------------------------------------------------------\nCloudpath Networks\nCloudpath Networks provides software solutions that allow diverse\nenvironments to operate WPA2-Enterprise and 802.1X networks in a\nscalable, sustainable manner.\u02c7 From Bring Your Own Device (BYOD) in\nenterprise to student-owned devices in education, Cloudpath\u0027s\nXpressConnect Wizard has been proven to provide unmatched simplicity\non millions of devices around the globe. \n\nXpressConnect is an automated, self-service wizard for connecting\nusers to WPA2-Enterprise and 802.1X across a wide range of device\ntypes and authentication methods, including credential-based (PEAP and\nTTLS) and certificate-based (TLS).\u02c7 For certificate-based\nenvironments, XpressConnect?s integration technology seamlessly\nconnects to existing Microsoft CA servers to extend automated\ncertificate issuance to non-domain devices, including iOS (iPhone,\niPad, iPod Touch), Android, Windows, Mac OS X, and Linux. \n\nThe Open1X Group\nThe Open1X Group is a strategic research and development group\nestablished in 2001 to support the creation and adoption of secure\nauthentication systems over traditionally insecure network connection. \n\nThe Open1X Group performs active and ongoing research and analysis in\nto the IEEE 802.1X protocol, the IETF EAP Methods, emerging\nauthentication technologies, and various cryptographic\nimplementations. \u00a0 The Open1X Group has had the support of major\nUniversities, enterprise companies, major Hi-Tech companies, and\nnon-profit organizations. \u00a0 The Open1X Group also performs on-going\nanalysis of business and academic interests in to secure\nauthentication and single sign-on systems, and Government and\nnon-Government regulations and mandates for compliance in secure\nauthentication. \n\nThe Open1X Group leverages a distributed team of security architects,\nengineers, and research scientists with specializations in 802.1X,\ngird and high performance computing, wireless networking, federated\nauthentication, black box testing, cryptography, large enterprise and\nUniversity deployment experiences, and global project development. \n\nThe Open1X Group is a pioneer in the secure authentication space with\nthe first major wide spread 802.1X federated deployment back in\n1999/2000, and the development of a fully featured 802.1X supplicant,\nXSupplicant. \n\n\n\nBret Jordan CISSP\nSr Security Architect\nPGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303\n\"Without cryptography vihv vivc ce xhrnrw, however, the only thing\nthat can not be unscrambled is an egg.\"\n. \n\nThe vulnerability is caused due to an unspecified error and can be\nexploited by an application system administrator to gain super user\nprivileges. \n\nThe vulnerability is reported in versions 6.0, 6.5, and 6.6. \n\nSOLUTION:\nApply patches (please see the vendor\u0027s advisory for details). ----------------------------------------------------------------------\n\nSC Magazine awards the Secunia CSI a 5-Star rating\nTop-level rating for ease of use, performance, documentation, support, and value for money. Read more and get a free trial here: http://secunia.com/blog/296 \n\n----------------------------------------------------------------------\n\nTITLE:\nHTC Products Wi-Fi Credentials Disclosure Weakness\n\nSECUNIA ADVISORY ID:\nSA47837\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/47837/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47837\n\nRELEASE DATE:\n2012-02-02\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/47837/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/47837/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47837\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nOpen1X Group has reported a weakness in multiple HTC products, which\ncan be exploited by malicious people to disclose potentially\nsensitive information. \n\nThe weakness is caused due to the \"WifiConfiguration::toString()\"\nmethod returning Wi-Fi credentials of stored networks in clear text. \n\nSuccessful exploitation requires that a malicious application is\ninstalled with \"android.permission.ACCESS_WIFI_STATE\" permissions. \n\nPROVIDED AND/OR DISCOVERED BY:\nChris Hessing, Open1X Group. \n\nORIGINAL ADVISORY:\nHTC:\nhttp://www.htc.com/www/help/\n\nOpen1X Group:\nhttp://blog.mywarwithentropy.com/2012/02/8021x-password-exploit-on-many-htc.html\n\nUS-CERT VU#763355:\nhttp://www.kb.cert.org/vuls/id/763355\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4872"
},
{
"db": "CERT/CC",
"id": "VU#763355"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001308"
},
{
"db": "CNVD",
"id": "CNVD-2012-0389"
},
{
"db": "BID",
"id": "51790"
},
{
"db": "PACKETSTORM",
"id": "109344"
},
{
"db": "PACKETSTORM",
"id": "109394"
},
{
"db": "PACKETSTORM",
"id": "109362"
}
],
"trust": 3.42
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#763355",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2011-4872",
"trust": 3.4
},
{
"db": "BID",
"id": "51790",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "47837",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001308",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "47860",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2012-0389",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20120201 802.1X PASSWORD EXPLOIT ON MANY HTC ANDROID DEVICES",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "18651",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201202-043",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "109344",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "109394",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "109362",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#763355"
},
{
"db": "CNVD",
"id": "CNVD-2012-0389"
},
{
"db": "BID",
"id": "51790"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001308"
},
{
"db": "PACKETSTORM",
"id": "109344"
},
{
"db": "PACKETSTORM",
"id": "109394"
},
{
"db": "PACKETSTORM",
"id": "109362"
},
{
"db": "NVD",
"id": "CVE-2011-4872"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-043"
}
]
},
"id": "VAR-201202-0161",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0389"
}
],
"trust": 1.2758432475
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0389"
}
]
},
"last_update_date": "2023-12-18T13:34:53.732000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HTC Help Center - WiFi security fix",
"trust": 0.8,
"url": "http://www.htc.com/www/help/#w1307647922146"
},
{
"title": "Patch for multiple HTC devices \u0027Android.permission.ACCESS_WIFI_STATE\u0027 information disclosure vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/8691"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0389"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001308"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001308"
},
{
"db": "NVD",
"id": "CVE-2011-4872"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://blog.mywarwithentropy.com/2012/02/8021x-password-exploit-on-many-htc.html"
},
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/763355"
},
{
"trust": 1.6,
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0002.html"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/47837"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/51790"
},
{
"trust": 1.0,
"url": "http://www.htc.com/www/help/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4872"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu763355"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4872"
},
{
"trust": 0.6,
"url": "http://blog.mywarwithentropy.com/2012/02/8021x-password-exploit-on-many-htc.htmlhttp"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/47860"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/18651"
},
{
"trust": 0.3,
"url": "http://www.htc.com/www/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/blog/296"
},
{
"trust": 0.1,
"url": "http://www.cloudpath.net/)"
},
{
"trust": 0.1,
"url": "http://www.open1x.org)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4872"
},
{
"trust": 0.1,
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/att-0005/esa-2012-009.txt"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/47860/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47860"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/47860/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/47837/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47837"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/47837/#comments"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#763355"
},
{
"db": "CNVD",
"id": "CNVD-2012-0389"
},
{
"db": "BID",
"id": "51790"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001308"
},
{
"db": "PACKETSTORM",
"id": "109344"
},
{
"db": "PACKETSTORM",
"id": "109394"
},
{
"db": "PACKETSTORM",
"id": "109362"
},
{
"db": "NVD",
"id": "CVE-2011-4872"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-043"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#763355"
},
{
"db": "CNVD",
"id": "CNVD-2012-0389"
},
{
"db": "BID",
"id": "51790"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001308"
},
{
"db": "PACKETSTORM",
"id": "109344"
},
{
"db": "PACKETSTORM",
"id": "109394"
},
{
"db": "PACKETSTORM",
"id": "109362"
},
{
"db": "NVD",
"id": "CVE-2011-4872"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-043"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-02-01T00:00:00",
"db": "CERT/CC",
"id": "VU#763355"
},
{
"date": "2012-02-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0389"
},
{
"date": "2012-02-01T00:00:00",
"db": "BID",
"id": "51790"
},
{
"date": "2012-02-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001308"
},
{
"date": "2012-02-02T02:00:50",
"db": "PACKETSTORM",
"id": "109344"
},
{
"date": "2012-02-02T06:44:24",
"db": "PACKETSTORM",
"id": "109394"
},
{
"date": "2012-02-02T03:31:21",
"db": "PACKETSTORM",
"id": "109362"
},
{
"date": "2012-02-05T11:55:03.047000",
"db": "NVD",
"id": "CVE-2011-4872"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201202-043"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-02-01T00:00:00",
"db": "CERT/CC",
"id": "VU#763355"
},
{
"date": "2012-02-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0389"
},
{
"date": "2012-02-01T00:00:00",
"db": "BID",
"id": "51790"
},
{
"date": "2012-02-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001308"
},
{
"date": "2012-02-16T05:00:00",
"db": "NVD",
"id": "CVE-2011-4872"
},
{
"date": "2012-02-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201202-043"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "109344"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-043"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple HTC Devices \u0027Android.permission.ACCESS_WIFI_STATE\u0027 Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0389"
},
{
"db": "BID",
"id": "51790"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201202-043"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.