The login implementation in AirDroid 1.0.4 beta allows remote attackers to bypass a multiple-login protection mechanism by modifying a pass value within JSON data.
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/bugtraq/2012-07/0087.html | Exploit |
http://www.tele-consulting.com/advisories/TC-SA-2012-02.txt | Exploit |
Configurations
Information
Published : 2012-07-26 15:55
Updated : 2012-07-27 06:58
NVD link : CVE-2012-3888
Mitre link : CVE-2012-3888
JSON object : View
CWE
CWE-264
Permissions, Privileges, and Access Controls
Products Affected
airdroid
- airdroid