QwikSec

Security Database

CVE

CWE

Training

CVE-2018-7259

Published: Feb 20, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

The FSX / P3Dv4 installer 2.0.1.231 for Flight Sim Labs A320-X sends a user's Google account credentials to http://installLog.flightsimlabs.com/LogHandler3.ashx if a pirated serial number has been entered, which allows remote attackers to obtain sensitive information, e.g., by sniffing the network for cleartext HTTP traffic. This behavior was removed in 2.0.1.232.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.reddit.com/r/flightsim/comments/7yh4zu/fslabs_a320_installer_seems_to_include_a_chrome/

x_refsource_MISC

https://forums.flightsimlabs.com/index.php?/topic/16210-malware-in-installer/

x_refsource_MISC

https://medium.com/%40lukegorman97/flightsimlabs-alleged-malware-analysis-1427c4d23368

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.