Vulnerabilities > CVE-2016-1491 - Credentials Management vulnerability in Lenovo Shareit 2.5.1.1
Attack vector
ADJACENT_NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when configured to receive files, has a hardcoded password of 12345678, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Packetstorm
| data source | https://packetstormsecurity.com/files/download/135378/CORE-2016-0002.txt |
| id | PACKETSTORM:135378 |
| last seen | 2016-12-05 |
| published | 2016-01-25 |
| reporter | Core Security Technologies |
| source | https://packetstormsecurity.com/files/135378/Lenovo-ShareIT-Information-Disclosure-Hardcoded-Password.html |
| title | Lenovo ShareIT Information Disclosure / Hardcoded Password |
The Hacker News
| id | THN:40215F710216890B071AFE57EBF264DD |
| last seen | 2018-01-27 |
| modified | 2016-01-27 |
| published | 2016-01-26 |
| reporter | Swati Khandelwal |
| source | https://thehackernews.com/2016/01/shareit-file-sharing.html |
| title | Oh Snap! Lenovo protects your Security with '12345678' as Hard-Coded Password in SHAREit |
References
- http://packetstormsecurity.com/files/135378/Lenovo-ShareIT-Information-Disclosure-Hardcoded-Password.html
- http://seclists.org/fulldisclosure/2016/Jan/67
- http://www.coresecurity.com/advisories/lenovo-shareit-multiple-vulnerabilities
- http://www.securityfocus.com/archive/1/537365/100/0/threaded
- https://support.lenovo.com/us/en/product_security/len_4058