Static RC4 Key Vulnerability in NQ Contacts Backup & Restore Application

Static RC4 Key Vulnerability in NQ Contacts Backup & Restore Application

CVE-2017-15997 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

In the "NQ Contacts Backup & Restore" application 1.1 for Android, RC4 encryption is used to secure the user password locally stored in shared preferences. Because there is a static RC4 key, an attacker can gain access to user credentials more easily by leveraging access to the preferences XML file.

Learn more about our Cis Benchmark Audit For Google Android.