NQ Mobile Contacts Backup & Restore 1.1 for Android

CPE Details

NQ Mobile Contacts Backup & Restore 1.1 for Android
nq
contacts_backup_\&_restore
1.1
2020-06-09
19h02 +00:00
2020-06-09
19h02 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:nq:contacts_backup_\&_restore:1.1:*:*:*:*:android:*:*

Informations

Vendor

nq

Product

contacts_backup_\&_restore

Version

1.1

Target Software

android

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2017-15997 2017-10-29 17h00 +00:00 In the "NQ Contacts Backup & Restore" application 1.1 for Android, RC4 encryption is used to secure the user password locally stored in shared preferences. Because there is a static RC4 key, an attacker can gain access to user credentials more easily by leveraging access to the preferences XML file.
7.8
High
CVE-2017-15998 2017-10-29 17h00 +00:00 In the "NQ Contacts Backup & Restore" application 1.1 for Android, DES encryption with a static key is used to secure transmitted contact data. This makes it easier for remote attackers to obtain cleartext information by sniffing the network.
7.5
High
CVE-2017-15999 2017-10-29 17h00 +00:00 In the "NQ Contacts Backup & Restore" application 1.1 for Android, no HTTPS is used for transmitting login and synced user data. When logging in, the username is transmitted in cleartext along with an SHA-1 hash of the password. The attacker can either crack this hash or use it for further attacks where only the hash value is required.
9.8
Critical