CVE-2012-3886

{"id": "CVE-2012-3886", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-07-26T22:55:01.793", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2012-07/0087.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.tele-consulting.com/advisories/TC-SA-2012-02.txt", "tags": ["Exploit"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "AirDroid 1.0.4 beta uses the MD5 algorithm for values in the checklogin key parameter and 7bb cookie, which makes it easier for remote attackers to obtain cleartext data by sniffing the local wireless network and then conducting a (1) brute-force attack or (2) rainbow-table attack."}, {"lang": "es", "value": "AirDroid v1.0.4 Beta utiliza el algoritmo MD5 para valores en el par\u00e1metro key de checklogin y en la cookie 7BB, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos el obtener datos en claro espiando el tr\u00e1fico de la red inal\u00e1mbrica local y luego realizando un (1) ataque de fuerza bruta o (2) un ataque de 'rainbow-tables' ."}], "lastModified": "2012-07-27T13:48:13.463", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:airdroid:airdroid:1.0.4:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18DA093A-2C50-4D62-A65B-CDB061CCA01D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}