Nq: >> Contacts Backup & Restore >> 1.1 Security Vulnerabilities
In the "NQ Contacts Backup & Restore" application 1.1 for Android, RC4 encryption is used to secure the user password locally stored in shared preferences. Because there is a static RC4 key, an attacker can gain access to user credentials more easily by leveraging access to the preferences XML file.
CVSS Score
7.8
EPSS Score
0.0
Published
2017-10-29
In the "NQ Contacts Backup & Restore" application 1.1 for Android, DES encryption with a static key is used to secure transmitted contact data. This makes it easier for remote attackers to obtain cleartext information by sniffing the network.
CVSS Score
7.5
EPSS Score
0.001
Published
2017-10-29
In the "NQ Contacts Backup & Restore" application 1.1 for Android, no HTTPS is used for transmitting login and synced user data. When logging in, the username is transmitted in cleartext along with an SHA-1 hash of the password. The attacker can either crack this hash or use it for further attacks where only the hash value is required.
CVSS Score
9.8
EPSS Score
0.002
Published
2017-10-29