Thread: Android Picasa Exploit
View Single Post
  #1 (permalink)  
Old 07-14-2011, 09:37 AM
tsowen's Avatar
tsowen
Retired Staff
Offline
Location: San Antonio
  
Join Date: Mar 2007
Posts: 4,849
Reputation: 78880
tsowen can't get a higher reputation leveltsowen can't get a higher reputation leveltsowen can't get a higher reputation leveltsowen can't get a higher reputation leveltsowen can't get a higher reputation leveltsowen can't get a higher reputation leveltsowen can't get a higher reputation leveltsowen can't get a higher reputation leveltsowen can't get a higher reputation leveltsowen can't get a higher reputation leveltsowen can't get a higher reputation level
Mentioned: 8 Post(s)
Tagged: 1 Thread(s)
Send a message via ICQ to tsowen Send a message via MSN to tsowen Send a message via Skype™ to tsowen
Android Picasa Exploit
Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums by sniffing the token from connections with picasaweb.google.com.

Source: National Vulnerability Database (NVD) National Vulnerability Database (CVE-2011-2344)
Reply With Quote
This post has been thanked 2 times.