Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Nq Subscribe
Filtered by product Contacts Backup \& Restore
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-15997 1 Nq 1 Contacts Backup \& Restore 2019-10-02 2.1 LOW 7.8 HIGH
In the "NQ Contacts Backup & Restore" application 1.1 for Android, RC4 encryption is used to secure the user password locally stored in shared preferences. Because there is a static RC4 key, an attacker can gain access to user credentials more easily by leveraging access to the preferences XML file.
CVE-2017-15998 1 Nq 1 Contacts Backup \& Restore 2019-10-02 5.0 MEDIUM 7.5 HIGH
In the "NQ Contacts Backup & Restore" application 1.1 for Android, DES encryption with a static key is used to secure transmitted contact data. This makes it easier for remote attackers to obtain cleartext information by sniffing the network.
CVE-2017-15999 1 Nq 1 Contacts Backup \& Restore 2019-10-02 5.0 MEDIUM 9.8 CRITICAL
In the "NQ Contacts Backup & Restore" application 1.1 for Android, no HTTPS is used for transmitting login and synced user data. When logging in, the username is transmitted in cleartext along with an SHA-1 hash of the password. The attacker can either crack this hash or use it for further attacks where only the hash value is required.