CVE-2008-4540 - Windows Mobile 6 on the HTC Hermes device makes WLAN passwords available to an auto-completion mecha

CVE-2008-4540

Summary

Windows Mobile 6 on the HTC Hermes device makes WLAN passwords available to an auto-completion mechanism for the password input field, which allows physically proximate attackers to bypass password authentication and obtain WLAN access.

References

http://securityreason.com/securityalert/4402
http://www.securityfocus.com/archive/1/497151/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/45857

Vulnerable Configurations

cpe:2.3:h:htc:hermes:*:*:*:*:*:*:*:*
cpe:2.3:h:htc:hermes:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_mobile:6.0:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_mobile:6.0:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 11-10-2018 - 20:52)
Impact:
Exploitability:

CWE

CWE-255

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bugtraq	20081008 Windows Mobile 6 insecure password handling and too short WLAN-password
sreason	4402
xf	windowsmobile-hermes-security-bypass(45857)

Last major update

11-10-2018 - 20:52

Published

13-10-2008 - 20:00

Last modified

11-10-2018 - 20:52