Vulnerabilities > CVE-2010-0113 - Credentials Management vulnerability in Symantec Mobile Security 1.0
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
The Symantec Norton Mobile Security application 1.0 Beta for Android records setup details, possibly including wipe/lock credentials, in the device logs, which allows user-assisted remote attackers to obtain potentially sensitive information by leveraging the ability of a separate crafted application to read these logs.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 | |
OS | 1 |
Common Weakness Enumeration (CWE)
References
- http://osvdb.org/69253
- http://www.securityfocus.com/bid/44767
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101111_00
- http://www.vupen.com/english/advisories/2010/2982
- https://exchange.xforce.ibmcloud.com/vulnerabilities/63294