Vulnerability Description
AirDroid 1.0.4 beta uses the MD5 algorithm for values in the checklogin key parameter and 7bb cookie, which makes it easier for remote attackers to obtain cleartext data by sniffing the local wireless network and then conducting a (1) brute-force attack or (2) rainbow-table attack.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Airdroid | Airdroid | 1.0.4 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2012-07/0087.htmlExploit
- http://www.tele-consulting.com/advisories/TC-SA-2012-02.txtExploit
- http://archives.neohapsis.com/archives/bugtraq/2012-07/0087.htmlExploit
- http://www.tele-consulting.com/advisories/TC-SA-2012-02.txtExploit
FAQ
What is CVE-2012-3886?
CVE-2012-3886 is a vulnerability with a CVSS score of 5.0 (MEDIUM). AirDroid 1.0.4 beta uses the MD5 algorithm for values in the checklogin key parameter and 7bb cookie, which makes it easier for remote attackers to obtain cleartext data by sniffing the local wireless...
How severe is CVE-2012-3886?
CVE-2012-3886 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-3886?
Check the references section above for vendor advisories and patch information. Affected products include: Airdroid Airdroid.