Vulnerability Details CVE-2017-15999
In the "NQ Contacts Backup & Restore" application 1.1 for Android, no HTTPS is used for transmitting login and synced user data. When logging in, the username is transmitted in cleartext along with an SHA-1 hash of the password. The attacker can either crack this hash or use it for further attacks where only the hash value is required.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 36.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 5.0
References
Products affected by CVE-2017-15999
-
cpe:2.3:a:nq:contacts_backup_&_restore:1.1