Lenovo ShareIt - jedna velka bezpecnostni dira
Napsal: 27 led 2016 13:10
Lenovo used third 'worst password' in file-sharing backdoor flaw http://www.zdnet.com/article/lenovo-use ... door-flaw/
When Lenovo ShareIt for Windows is configured to receive files, a Wi-Fi HotSpot is set with an easy password (12345678). Any system with a Wi-Fi Network card could connect to that Hotspot by using that password. The password is always the same."
Once a Wi-Fi network is active and connected using the default 12345678 password, files can be browsed through but not downloaded via a simple HTTP request, granting attackers the option to wander through data at will.
The third flaw, CVE-2016-1489, reveals that files transferred between Windows and Android machines are shifted in plain text and lack any form of encryption.
Finally, the fourth bug, CVE-2016-1492, was found in ShareIT's file transfer system. Users can open Wi-Fi HotSpots without any password, and so an attacker could connect to that HotSpot and capture the information transferred between Windows and Android devices.
Tohle nejsou jen typicke bezpecnostni chyby v implementaci, to je naproste ignorovani zakladnich principu bezpecnosti
I kdyz to mozna opravi, kolik podobnych logickych chyb tam asi jeste zbyva. Pryc s tim !
When Lenovo ShareIt for Windows is configured to receive files, a Wi-Fi HotSpot is set with an easy password (12345678). Any system with a Wi-Fi Network card could connect to that Hotspot by using that password. The password is always the same."
Once a Wi-Fi network is active and connected using the default 12345678 password, files can be browsed through but not downloaded via a simple HTTP request, granting attackers the option to wander through data at will.
The third flaw, CVE-2016-1489, reveals that files transferred between Windows and Android machines are shifted in plain text and lack any form of encryption.
Finally, the fourth bug, CVE-2016-1492, was found in ShareIT's file transfer system. Users can open Wi-Fi HotSpots without any password, and so an attacker could connect to that HotSpot and capture the information transferred between Windows and Android devices.
Tohle nejsou jen typicke bezpecnostni chyby v implementaci, to je naproste ignorovani zakladnich principu bezpecnosti
I kdyz to mozna opravi, kolik podobnych logickych chyb tam asi jeste zbyva. Pryc s tim !