CVE-ID-s/CVE-2018-18698/MI A1.txt
######## Found following vulnerability in Android Phone (Xiaomi Mi A1) ########

Android Fingerprint (Tested on):
xiaomi/tissot/tissot_sprout:8.1.0/OPM1.171019.026/V9.6.4.0.ODHMIFE:user/release-keys

Vulnerability:
Hotspot password leaks in clear text in logcat

Description:
When the user sets up the Mi A1 hotspot, the password they choose is written in clear text to logcat.

Attack Scenario:
Any malicious application can read the password through logcat and send it to the attacker.
If the attacker is near the victim, he will be able to connect to the user's network.

Steps to Reproduce:
1) Start monitoring the phone's logcat through "adb shell logcat" [append the logs to a file].
2) Set up a new hotspot with any password and start the hotspot.
3) Search for your password in the file created in step 1. You will see that the hotspot password is leaking in clear text in logcat.

CVE-ID: CVE-2018-18698

Hall of Fame: https://sec.xiaomi.com/fame?year=2018&month=08
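
A repeatable form of the search in step 3, as an added example that is not part of the original advisory: it reports which log tags printed a known test passphrase, so a fixed build can be re-checked. The function names, log tags and passphrase are constructed for illustration, and the capture is assumed to use logcat's threadtime line layout.

```shell
#!/bin/sh
# Added example (not from the advisory). Usage on a capture made as in step 1:
#   leak_tags capture.txt "$TEST_PASSPHRASE"

# leak_tags FILE SECRET
#   Prints "<count> <priority>/<tag>" for every tag that logged SECRET.
#   Returns 0 if SECRET is absent, 1 if it was found, 2 on bad usage.
#   FILE may be "-" to read the capture from stdin.
leak_tags() {
    [ -n "$2" ] || { echo "usage: leak_tags FILE SECRET" >&2; return 2; }
    # The secret goes through the environment, not "awk -v", so backslashes
    # in a passphrase are not treated as escapes; index() matches it
    # literally rather than as a regular expression.
    _hits=$(SECRET=$2 awk '
        index($0, ENVIRON["SECRET"]) {
            # threadtime layout: date time pid tid priority tag: message
            tag = $6
            sub(/:$/, "", tag)
            n[$5 "/" tag]++
        }
        END { for (k in n) print n[k], k }
    ' "$1" | sort -k2)
    if [ -z "$_hits" ]; then
        return 0
    fi
    printf '%s\n' "$_hits"
    return 1
}

# Constructed sample capture: tags, PIDs and passphrase are made up.
sample_capture() {
    cat <<'EOF'
08-14 10:21:33.101  1180  1180 I ExampleSettings: hotspot config dialog opened
08-14 10:21:35.512  1234  1301 D ExampleHotspotTag: ssid=TestAP key=Test\Pass-0001
08-14 10:21:35.530  1234  1301 I ExampleHotspotTag: soft AP started
08-14 10:21:35.544   987  1002 D ExampleNetDaemon: softap set wlan0 TestAP wpa2-psk Test\Pass-0001
08-14 10:21:36.002  1234  1301 D ExampleHotspotTag: retry key=Test\Pass-0001
EOF
}
```

Use a throwaway passphrase for the check, since the capture file itself will contain it in clear text if the leak is present.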