Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-15999

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-29 Oct, 2017 | 17:00
Updated At-16 Sep, 2024 | 18:43
Rejected At-
Credits

In the "NQ Contacts Backup & Restore" application 1.1 for Android, no HTTPS is used for transmitting login and synced user data. When logging in, the username is transmitted in cleartext along with an SHA-1 hash of the password. The attacker can either crack this hash or use it for further attacks where only the hash value is required.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:29 Oct, 2017 | 17:00
Updated At:16 Sep, 2024 | 18:43
Rejected At:
▼CVE Numbering Authority (CNA)

In the "NQ Contacts Backup & Restore" application 1.1 for Android, no HTTPS is used for transmitting login and synced user data. When logging in, the username is transmitted in cleartext along with an SHA-1 hash of the password. The attacker can either crack this hash or use it for further attacks where only the hash value is required.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://1337sec.blogspot.de/2017/10/auditing-nq-contacts-backup-restore-11.html
x_refsource_MISC
Hyperlink: https://1337sec.blogspot.de/2017/10/auditing-nq-contacts-backup-restore-11.html
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://1337sec.blogspot.de/2017/10/auditing-nq-contacts-backup-restore-11.html
x_refsource_MISC
x_transferred
Hyperlink: https://1337sec.blogspot.de/2017/10/auditing-nq-contacts-backup-restore-11.html
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:29 Oct, 2017 | 17:29
Updated At:20 Apr, 2025 | 01:37

In the "NQ Contacts Backup & Restore" application 1.1 for Android, no HTTPS is used for transmitting login and synced user data. When logging in, the username is transmitted in cleartext along with an SHA-1 hash of the password. The attacker can either crack this hash or use it for further attacks where only the hash value is required.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.09.8CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.0
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
nq
nq
>>contacts_backup_\&_restore>>1.1
cpe:2.3:a:nq:contacts_backup_\&_restore:1.1:*:*:*:*:android:*:*
Weaknesses
CWE IDTypeSource
CWE-319Primarynvd@nist.gov
CWE ID: CWE-319
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://1337sec.blogspot.de/2017/10/auditing-nq-contacts-backup-restore-11.htmlcve@mitre.org
Third Party Advisory
https://1337sec.blogspot.de/2017/10/auditing-nq-contacts-backup-restore-11.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: https://1337sec.blogspot.de/2017/10/auditing-nq-contacts-backup-restore-11.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://1337sec.blogspot.de/2017/10/auditing-nq-contacts-backup-restore-11.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

163Records found
CVE-2018-6295
Matching Score-4
Assigner-Kaspersky
ShareView Details
Matching Score-4
Assigner-Kaspersky
CVSS Score-9.8||CRITICAL
EPSS-0.25% / 48.35%
||
7 Day CHG~0.00%
Published-13 Mar, 2018 | 17:00
Updated-16 Sep, 2024 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unencrypted way of remote control and communications in Hanwha Techwin Smartcams

Action-Not Available
Vendor-hanwha-securityHanwha Techwin
Product-snh-v6410pn_firmwaresnh-v6410pnsnh-v6410pnwsnh-v6410pnw_firmwareHanwha Techwin Smartcams
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2018-7259
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.19% / 41.26%
||
7 Day CHG~0.00%
Published-20 Feb, 2018 | 00:00
Updated-05 Aug, 2024 | 06:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The FSX / P3Dv4 installer 2.0.1.231 for Flight Sim Labs A320-X sends a user's Google account credentials to http://installLog.flightsimlabs.com/LogHandler3.ashx if a pirated serial number has been entered, which allows remote attackers to obtain sensitive information, e.g., by sniffing the network for cleartext HTTP traffic. This behavior was removed in 2.0.1.232.

Action-Not Available
Vendor-flightsimlabsn/a
Product-a320-xn/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-29397
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.74%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 18:52
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cleartext Transmission of Sensitive Information in /northstar/Admin/login.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote local user to intercept users credentials transmitted in cleartext over HTTP.

Action-Not Available
Vendor-globalnorthstarn/a
Product-northstar_club_managementn/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-27422
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.10% / 27.73%
||
7 Day CHG~0.00%
Published-23 Mar, 2022 | 19:46
Updated-16 Apr, 2025 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GE UR family exposure of sensitive information to an unauthorized actor

GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol. It allows sensitive information exposure without authentication.

Action-Not Available
Vendor-geGE
Product-multilin_l90_firmwaremultilin_b90_firmwaremultilin_b30_firmwaremultilin_c60multilin_b90multilin_t35_firmwaremultilin_c30multilin_c30_firmwaremultilin_f60_firmwaremultilin_n60multilin_t35multilin_c60_firmwaremultilin_l30_firmwaremultilin_c70multilin_c95_firmwaremultilin_c70_firmwaremultilin_g30_firmwaremultilin_c95multilin_n60_firmwaremultilin_l60multilin_m60_firmwaremultilin_t60multilin_t60_firmwaremultilin_g60_firmwaremultilin_l90multilin_g60multilin_f60multilin_m60multilin_g30multilin_f35_firmwaremultilin_l30multilin_d30_firmwaremultilin_d60_firmwaremultilin_d60multilin_b30multilin_l60_firmwaremultilin_f35multilin_d30UR family
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2018-4227
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.61% / 68.91%
||
7 Day CHG~0.00%
Published-08 Jun, 2018 | 18:00
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Mail" component. It allows remote attackers to read the cleartext content of S/MIME encrypted messages via direct exfiltration.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2018-19944
Matching Score-4
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-4
Assigner-QNAP Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.55%
||
7 Day CHG~0.00%
Published-31 Dec, 2020 | 16:33
Updated-17 Sep, 2024 | 02:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cleartext Transmission of Sensitive Information in SNMP

A cleartext transmission of sensitive information vulnerability has been reported to affect certain QTS devices. If exploited, this vulnerability allows a remote attacker to gain access to sensitive information. QNAP have already fixed this vulnerability in the following versions: QTS 4.4.3.1354 build 20200702 (and later)

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qtsQTS
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2017-7147
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 32.09%
||
7 Day CHG~0.00%
Published-23 Oct, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. The Apple Support app before 1.2 for iOS is affected. The issue involves the "Analytics" component. It allows remote attackers to obtain sensitive analytics information by leveraging its presence in a cleartext HTTP transmission to an Adobe Marketing Cloud server operated for Apple, as demonstrated by information about the installation date and time.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osapple_supportn/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-20174
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.84%
||
7 Day CHG~0.00%
Published-30 Dec, 2021 | 21:31
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the web interface. By default, all communication to/from the device's web interface is sent via HTTP, which causes potentially sensitive information (such as usernames and passwords) to be transmitted in cleartext.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6700_firmwarer6700Netgear Nighthawk R6700
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-20175
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.84%
||
7 Day CHG~0.00%
Published-30 Dec, 2021 | 21:31
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the SOAP interface. By default, all communication to/from the device's SOAP Interface (port 5000) is sent via HTTP, which causes potentially sensitive information (such as usernames and passwords) to be transmitted in cleartext

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6700_firmwarer6700Netgear Nighthawk R6700
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-11685
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.00% / 0.05%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 13:52
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains GoLand before 2019.3.2, the plugin repository was accessed via HTTP instead of HTTPS.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-golandn/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-7003
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.93%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 17:02
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is transmitted over some web applications in clear text.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-iologik_2512-wl1-eu-t_firmwareiologik_2542-wl1-jpiologik_2542-wl1-jp-t_firmwareiologik_2512iologik_2512-t_firmwareiologik_2512-tiologik_2542-wl1-jp_firmwareiologik_2512-wl1-jp-t_firmwareiologik_2512-wl1-jp-tiologik_2542_firmwareiologik_2542-wl1-usiologik_2512-wl1-usiologik_2512-hspa-tiologik_2512-wl1-jp_firmwareiologik_2542-wl1-eu_firmwareiologik_2542-hspa_firmwareiologik_2542-wl1-jp-tiologik_2512-wl1-eu-tiologik_2542-t_firmwareiologik_2542-wl1-eu-t_firmwareiologik_2542-wl1-us-tiologik_2512-hspa-t_firmwareiologik_2512_firmwareiologik_2512-wl1-us-t_firmwareiologik_2542-wl1-eu-tiologik_2542-wl1-euiologik_2512-wl1-us-tiologik_2542-wl1-us-t_firmwareiologik_2542-tiologik_2512-wl1-eu_firmwareiologik_2512-wl1-euiologik_2542-hspaiologik_2512-wl1-jpiologik_2512-wl1-us_firmwareiologik_2542-wl1-us_firmwareiologik_2542-hspa-t_firmwareiologik_2512-hspaiologik_2542iologik_2512-hspa_firmwareiologik_2542-hspa-tMoxa ioLogik 2500 series firmware, Version 3.0 or lower, IOxpress configuration utility, Version 2.3.0 or lower
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-6198
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-9.8||CRITICAL
EPSS-0.27% / 49.73%
||
7 Day CHG~0.00%
Published-10 Mar, 2020 | 20:18
Updated-04 Aug, 2024 | 08:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Solution Manager (Diagnostics Agent), version 720, allows unencrypted connections from unauthenticated sources. This allows an attacker to control all remote functions on the Agent due to Missing Authentication Check.

Action-Not Available
Vendor-SAP SE
Product-solution_managerSAP Solution Manager (Diagnostics Agent)
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-7675
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.23% / 45.88%
||
7 Day CHG~0.00%
Published-09 Feb, 2019 | 22:00
Updated-04 Aug, 2024 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. The default management application is delivered over cleartext HTTP with Basic Authentication, as demonstrated by the /admin/index.html URI.

Action-Not Available
Vendor-mobotixn/a
Product-s14_firmwares14n/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found