CVE-2012-3886
AirDroid 1.0.4 beta - Exposure of Sensitive Information via MD5 Hashing in Login Key and Cookie
Title source: llmDescription
AirDroid 1.0.4 beta uses the MD5 algorithm for values in the checklogin key parameter and 7bb cookie, which makes it easier for remote attackers to obtain cleartext data by sniffing the local wireless network and then conducting a (1) brute-force attack or (2) rainbow-table attack.
References (2)
Core 2
Core References
Exploit mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-07/0087.html
Exploit x_refsource_misc
http://www.tele-consulting.com/advisories/TC-SA-2012-02.txt
Scores
EPSS
0.0126
EPSS Percentile
66.2%
Details
CWE
CWE-200
Status
published
Products (1)
airdroid/airdroid
1.0.4 beta
Published
Jul 26, 2012
Tracked Since
Feb 18, 2026