Contacts Backup \& Restore
Sign in to watchby Nq
CVEs (3)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-15999 | Cri | 0.64 | 9.8 | 0.00 | Oct 29, 2017 | In the "NQ Contacts Backup & Restore" application 1.1 for Android, no HTTPS is used for transmitting login and synced user data. When logging in, the username is transmitted in cleartext along with an SHA-1 hash of the password. The attacker can either crack this hash or use it for further attacks where only the hash value is required. | |
| CVE-2017-15997 | Hig | 0.51 | 7.8 | 0.00 | Oct 29, 2017 | In the "NQ Contacts Backup & Restore" application 1.1 for Android, RC4 encryption is used to secure the user password locally stored in shared preferences. Because there is a static RC4 key, an attacker can gain access to user credentials more easily by leveraging access to the preferences XML file. | |
| CVE-2017-15998 | Hig | 0.49 | 7.5 | 0.00 | Oct 29, 2017 | In the "NQ Contacts Backup & Restore" application 1.1 for Android, DES encryption with a static key is used to secure transmitted contact data. This makes it easier for remote attackers to obtain cleartext information by sniffing the network. |