CVE-2018-18908

MEDIUM

Sky Go Desktop 1.0.19-1-1.0.23-1 - Cleartext Transmission of Sensitive Information via HTTP

Title source: llm
STIX 2.1

Description

The Sky Go Desktop application 1.0.19-1 through 1.0.23-1 for Windows performs several requests over cleartext HTTP. This makes the data submitted in these requests prone to Man in The Middle (MiTM) attacks, whereby an attacker would be able to obtain the data sent in these requests. Some of the requests contain potentially sensitive information that could be useful to an attacker, such as the victim's Sky username.

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://blog.sean-wright.com/sky/

Scores

CVSS v3 5.9
EPSS 0.0056
EPSS Percentile 42.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-319
Status published
Products (1)
sky/sky_go 1.0.19-1 - 1.0.23-1
Published Jan 20, 2019
Tracked Since Feb 18, 2026