Nq - Contacts Backup \& Restore CVE

Filtered by vendor Nq Subscribe

Filtered by product Contacts Backup \& Restore

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2017-15999	1 Nq	1 Contacts Backup \& Restore	2019-10-03	5.0 MEDIUM	9.8 CRITICAL
In the "NQ Contacts Backup & Restore" application 1.1 for Android, no HTTPS is used for transmitting login and synced user data. When logging in, the username is transmitted in cleartext along with an SHA-1 hash of the password. The attacker can either crack this hash or use it for further attacks where only the hash value is required.

Vulnerabilities (CVE)