CVE-2011-1840

The MartiniCreations PassmanLite Password Manager application before 1.48 for Android stores the master password and unspecified other account information in cleartext, which allows local users to obtain sensitive information by leveraging shell access.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.simonroses.com/wp-content/uploads/2011/05/SRF-SA-2011-01.txt
http://www.securityfocus.com/bid/47765
http://securityreason.com/securityalert/8250

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:martinicreations:passmanlite_password_manager::::::::
	cpe:2.3:a:martinicreations:passmanlite_password_manager:1.45:::::::*
	cpe:2.3:a:martinicreations:passmanlite_password_manager:1.42:::::::*
	cpe:2.3:a:martinicreations:passmanlite_password_manager:1.46:::::::*
	cpe:2.3:a:martinicreations:passmanlite_password_manager:1.44:::::::*
	cpe:2.3:a:martinicreations:passmanlite_password_manager:1.43:::::::*

cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

Information

Published : 2011-05-13 10:05

Updated : 2011-09-21 20:30

NVD link : CVE-2011-1840

Mitre link : CVE-2011-1840

JSON object : View

CWE

CWE-310

Cryptographic Issues

Products Affected

martinicreations

passmanlite_password_manager

google

android

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.simonroses.com/wp-content/uploads/2011/05/SRF-SA-2011-01.txt", "name": "http://www.simonroses.com/wp-content/uploads/2011/05/SRF-SA-2011-01.txt", "tags": [], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/47765", "name": "47765", "tags": [], "refsource": "BID"}, {"url": "http://securityreason.com/securityalert/8250", "name": "8250", "tags": [], "refsource": "SREASON"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The MartiniCreations PassmanLite Password Manager application before 1.48 for Android stores the master password and unspecified other account information in cleartext, which allows local users to obtain sensitive information by leveraging shell access."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-310"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2011-1840", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2011-05-13T17:05Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:martinicreations:passmanlite_password_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.47"}, {"cpe23Uri": "cpe:2.3:a:martinicreations:passmanlite_password_manager:1.45:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:martinicreations:passmanlite_password_manager:1.42:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:martinicreations:passmanlite_password_manager:1.46:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:martinicreations:passmanlite_password_manager:1.44:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:martinicreations:passmanlite_password_manager:1.43:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2011-09-22T03:30Z"}

2.1 /10