VYPR

Contacts Backup \& Restore

by Nq

CVEs (3)

  • CVE-2017-15999CriOct 29, 2017
    risk 0.64cvss 9.8epss 0.01

    In the "NQ Contacts Backup & Restore" application 1.1 for Android, no HTTPS is used for transmitting login and synced user data. When logging in, the username is transmitted in cleartext along with an SHA-1 hash of the password. The attacker can either crack this hash or use it…

  • CVE-2017-15997HigOct 29, 2017
    risk 0.51cvss 7.8epss 0.00

    In the "NQ Contacts Backup & Restore" application 1.1 for Android, RC4 encryption is used to secure the user password locally stored in shared preferences. Because there is a static RC4 key, an attacker can gain access to user credentials more easily by leveraging access to the…

  • CVE-2017-15998HigOct 29, 2017
    risk 0.49cvss 7.5epss 0.01

    In the "NQ Contacts Backup & Restore" application 1.1 for Android, DES encryption with a static key is used to secure transmitted contact data. This makes it easier for remote attackers to obtain cleartext information by sniffing the network.