Lenovo ShareIt - jedna velka bezpecnostni dira

notebooky Lenovo (IBM, ThinkPad, Lenovo 3000) a vše kolem
Puppy
guru
Příspěvky: 1888
Registrován: 16 kvě 2006 17:17

Lenovo ShareIt - jedna velka bezpecnostni dira

Příspěvekod Puppy » 27 led 2016 13:10

Lenovo used third 'worst password' in file-sharing backdoor flaw http://www.zdnet.com/article/lenovo-use ... door-flaw/

When Lenovo ShareIt for Windows is configured to receive files, a Wi-Fi HotSpot is set with an easy password (12345678). Any system with a Wi-Fi Network card could connect to that Hotspot by using that password. The password is always the same."

Once a Wi-Fi network is active and connected using the default 12345678 password, files can be browsed through but not downloaded via a simple HTTP request, granting attackers the option to wander through data at will.

The third flaw, CVE-2016-1489, reveals that files transferred between Windows and Android machines are shifted in plain text and lack any form of encryption.

Finally, the fourth bug, CVE-2016-1492, was found in ShareIT's file transfer system. Users can open Wi-Fi HotSpots without any password, and so an attacker could connect to that HotSpot and capture the information transferred between Windows and Android devices.

Tohle nejsou jen typicke bezpecnostni chyby v implementaci, to je naproste ignorovani zakladnich principu bezpecnosti :? I kdyz to mozna opravi, kolik podobnych logickych chyb tam asi jeste zbyva. Pryc s tim !

Puppy
guru
Příspěvky: 1888
Registrován: 16 kvě 2006 17:17

Příspěvekod Puppy » 29 led 2016 12:37



Zpět na „notebooky Lenovo (dříve IBM)“

Kdo je online

Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 8 hostů