Insecure Transmission of Login and User Data in NQ Contacts Backup & Restore Android App

Insecure Transmission of Login and User Data in NQ Contacts Backup & Restore Android App

CVE-2017-15999 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

In the "NQ Contacts Backup & Restore" application 1.1 for Android, no HTTPS is used for transmitting login and synced user data. When logging in, the username is transmitted in cleartext along with an SHA-1 hash of the password. The attacker can either crack this hash or use it for further attacks where only the hash value is required.

Learn more about our Cis Benchmark Audit For Google Android.