CVE Vulnerabilities

CVE-2018-18908

Cleartext Transmission of Sensitive Information

Published: Jan 20, 2019 | Modified: Nov 21, 2024
CVSS 3.x
5.9
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

The Sky Go Desktop application 1.0.19-1 through 1.0.23-1 for Windows performs several requests over cleartext HTTP. This makes the data submitted in these requests prone to Man in The Middle (MiTM) attacks, whereby an attacker would be able to obtain the data sent in these requests. Some of the requests contain potentially sensitive information that could be useful to an attacker, such as the victims Sky username.

Weakness

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Affected Software

Name Vendor Start Version End Version
Sky_go Sky 1.0.19-1 (including) 1.0.23-1 (including)

Potential Mitigations

References