Vulnerabilities > CVE-2013-2599 - Local Information Disclosure vulnerability in Multiple Code Aurora Forum Products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
A certain Qualcomm Innovation Center (QuIC) patch to the NativeDaemonConnector class in services/java/com/android/server/NativeDaemonConnector.java in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.3.x enables debug logging, which allows attackers to obtain sensitive disk-encryption passwords via a logcat call. <a href="http://cwe.mitre.org/data/definitions/534.html" target="_blank">CWE-534: Information Exposure Through Debug Log Files</a>