Mobile Spy (1) stores login credentials in cleartext under the RetinaxStudios registry key, and (2) sends login credentials and log data over a cleartext HTTP connection, which allows attackers to obtain sensitive information by reading the registry or sniffing the network.
Weakness
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mobile_spy | Flexispy | - (including) | - (including) |
Potential Mitigations
Related Attack Patterns
References
- http://osvdb.org/43625
- http://osvdb.org/43626
- http://securityreason.com/securityalert/3333
- http://www.airscanner.com/security/07101401_mobilespy.htm
- http://www.informit.com/articles/article.aspx?p=1077909
- http://www.securityfocus.com/archive/1/482663/100/0/threaded
- http://www.securityfocus.com/bid/26177
- http://osvdb.org/43625
- http://osvdb.org/43626
- http://securityreason.com/securityalert/3333
- http://www.airscanner.com/security/07101401_mobilespy.htm
- http://www.informit.com/articles/article.aspx?p=1077909
- http://www.securityfocus.com/archive/1/482663/100/0/threaded
- http://www.securityfocus.com/bid/26177