QwikSec

Security Database

CVE

CWE

Training

CVE-2011-2344

Published: Jul 8, 2011

Modified: Sep 16, 2024

PUBLISHED

Description

Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums by sniffing the token from connections with picasaweb.google.com.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://android.git.kernel.org/?p=platform/packages/apps/Gallery3D.git%3Ba=commit%3Bh=9a418de454e5ce078c98f41b5c18e3bb9175bd20

x_refsource_CONFIRM

http://android.git.kernel.org/?p=platform/packages/apps/Gallery3D.git%3Ba=commit%3Bh=7a763db1c15bb6436be85a3f23382e4171970b6e

x_refsource_CONFIRM

http://www.uni-ulm.de/en/in/mi/staff/koenings/catching-authtokens.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.