Vulnerabilities > CVE-2012-2567 - Credentials Management vulnerability in Xelex Mobiletrack 2.3.7
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The Xelex MobileTrack application 2.3.7 and earlier for Android uses hardcoded credentials, which allows remote attackers to obtain sensitive information via an unencrypted (1) FTP or (2) HTTP session.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| OS | 1 |
Common Weakness Enumeration (CWE)
References
- http://blog.mobiledefense.com/2012/05/mobile-defense-finds-two-security-vulnerabilities-in-xelex-mobiletrack/
- http://blog.mobiledefense.com/2012/05/mobile-defense-finds-two-security-vulnerabilities-in-xelex-mobiletrack/
- http://secunia.com/advisories/49268
- http://secunia.com/advisories/49268
- http://www.kb.cert.org/vuls/id/464683
- http://www.kb.cert.org/vuls/id/464683
- http://www.securityfocus.com/bid/53634
- http://www.securityfocus.com/bid/53634
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75783
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75783