[Japanese]

JVNDB-2012-000103

Monaca Debugger for Android information management vulnerability

Overview

Monaca Debugger for Android contains an information management vulnerability.

Monaca Debugger provided by Asial Corporation contains an issue where account information of the product or other information such as session IDs are saved in a log file.

KuMaGa ShiRoIHi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 2.6 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
Affected Products


Asial Corporation
  • Monaca Debugger ver1.4.1 and earlier

Impact

Android applications with permissions to read system log files may obtain users credentials of Monaca or other information such as session IDs.
Solution

[Update the Software]
Apply the latest update according to the information provided by the developer.
Vendor Information

Asial Corporation
CWE (What is CWE?)

  1. Information Exposure(CWE-200) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2012-5172
References

  1. JVN : JVN#56923652
  2. National Vulnerability Database (NVD) : CVE-2012-5172
Revision History

  • [2012/11/16]
      Web page was published

Date Public2012/11/16
Date First Published2012/11/16
Date Last Updated2012/11/16