Vulnerabilities > CVE-2016-1491 - Credentials Management vulnerability in Lenovo Shareit 2.5.1.1
Attack vector
ADJACENT_NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when configured to receive files, has a hardcoded password of 12345678, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Packetstorm
| data source | https://packetstormsecurity.com/files/download/135378/CORE-2016-0002.txt |
| id | PACKETSTORM:135378 |
| last seen | 2016-12-05 |
| published | 2016-01-25 |
| reporter | Core Security Technologies |
| source | https://packetstormsecurity.com/files/135378/Lenovo-ShareIT-Information-Disclosure-Hardcoded-Password.html |
| title | Lenovo ShareIT Information Disclosure / Hardcoded Password |
The Hacker News
| id | THN:40215F710216890B071AFE57EBF264DD |
| last seen | 2018-01-27 |
| modified | 2016-01-27 |
| published | 2016-01-26 |
| reporter | Swati Khandelwal |
| source | https://thehackernews.com/2016/01/shareit-file-sharing.html |
| title | Oh Snap! Lenovo protects your Security with '12345678' as Hard-Coded Password in SHAREit |
References
- http://www.coresecurity.com/advisories/lenovo-shareit-multiple-vulnerabilities
- http://seclists.org/fulldisclosure/2016/Jan/67
- https://support.lenovo.com/us/en/product_security/len_4058
- http://packetstormsecurity.com/files/135378/Lenovo-ShareIT-Information-Disclosure-Hardcoded-Password.html
- http://www.securityfocus.com/archive/1/537365/100/0/threaded