CNVD-2018-00115

Vulnerability from cnvd - Published: 2018-01-05
VLAI Severity ?
Title
Vibease Wireless Remote Vibrator app for Android和Vibease Chat app for iOS漏洞
Description
Vibease Wireless Remote Vibrator app for Android是一款基于Android平台的无线遥控应用程序。Vibease Chat app for iOS是一款基于iOS平台的在线聊天软件。 基于Android平台的Vibease Wireless Remote Vibrator app和基于iOS平台的Vibease Chat app中存在安全漏洞,该漏洞源于程序以明文的形式交换与其他应用程序之间的消息并使用PLAIN SASL机制向Vibease服务器发送身份验证令牌。远程攻击者可通过嗅探XMPP流量利用该漏洞获取用户证书、消息和其他敏感信息。
Severity
Formal description

目前厂商暂未发布修复措施解决此安全问题,建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法: https://www.vibease.com/

Reference
https://dl.acm.org/citation.cfm?id=3139942&preflayout=flat
Impacted products
Name
['Vibease Chat app for iOS', 'Vibease Wireless Remote Vibrator app for Android']
Show details on source website
To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-14486",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14486"
    }
  },
  "description": "Vibease Wireless Remote Vibrator app for Android\u662f\u4e00\u6b3e\u57fa\u4e8eAndroid\u5e73\u53f0\u7684\u65e0\u7ebf\u9065\u63a7\u5e94\u7528\u7a0b\u5e8f\u3002Vibease Chat app for iOS\u662f\u4e00\u6b3e\u57fa\u4e8eiOS\u5e73\u53f0\u7684\u5728\u7ebf\u804a\u5929\u8f6f\u4ef6\u3002\r\n\r\n\u57fa\u4e8eAndroid\u5e73\u53f0\u7684Vibease Wireless Remote Vibrator app\u548c\u57fa\u4e8eiOS\u5e73\u53f0\u7684Vibease Chat app\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u4ee5\u660e\u6587\u7684\u5f62\u5f0f\u4ea4\u6362\u4e0e\u5176\u4ed6\u5e94\u7528\u7a0b\u5e8f\u4e4b\u95f4\u7684\u6d88\u606f\u5e76\u4f7f\u7528PLAIN SASL\u673a\u5236\u5411Vibease\u670d\u52a1\u5668\u53d1\u9001\u8eab\u4efd\u9a8c\u8bc1\u4ee4\u724c\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u55c5\u63a2XMPP\u6d41\u91cf\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u7528\u6237\u8bc1\u4e66\u3001\u6d88\u606f\u548c\u5176\u4ed6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "unknow",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttps://www.vibease.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-00115",
  "openTime": "2018-01-05",
  "products": {
    "product": [
      "Vibease Chat app for iOS",
      "Vibease Wireless Remote Vibrator app for Android"
    ]
  },
  "referenceLink": "https://dl.acm.org/citation.cfm?id=3139942\u0026preflayout=flat",
  "serverity": "\u4e2d",
  "submitTime": "2017-12-05",
  "title": "Vibease Wireless Remote Vibrator app for Android\u548cVibease Chat app for iOS\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.