{"vuid":"VU#763355","idnumber":"763355","name":"802.1X password exploit on many HTC Android devices","keywords":["802.1X","password","exploit","HTC","Android"],"overview":"A user's 802.1X WiFi credentials and SSID information may be exposed to any application with basic WiFi permissions on certain HTC builds of Android.","clean_desc":"Any Android application on an affected HTC build with the android.permission.ACCESS_WIFI_STATE permission can use the .toString() member of the WifiConfiguration class to view all 802.1X credentials and SSID information. If the same application also has the android.permission.INTERNET permission then that application can harvest the credentials and exfiltrate them to a server on the Internet. The following devices have been reported as affected: Desire HD (both \"ace\" and \"spade\" board revisions) - Versions FRG83D, GRI40\nGlacier - Version FRG83\nDroid Incredible - Version FRF91\nThunderbolt 4G - Version FRG83D\nSensation Z710e - Version GRI40\nSensation 4G - Version GRI40\nDesire S - Version GRI40\nEVO 3D - Version GRI40\nEVO 4G - Version GRI40 The following devices have been reported as not affected: myTouch3g\nNexus One\nAdditional details can be found in Bret Jordan's blog post.","impact":"An attacker may be able to view and exfiltrate WiFi SSID information and credentials.","resolution":"Apply an Update\nUsers with an affected HTC phone should visit the HTC support site for instructions on how to update their phone. 
In some cases, the update will be automatically delivered to the phone.","workarounds":"","sysaffected":"","thanks":"Thanks to Chris Hessing and Bret Jordan for reporting this vulnerability.","author":"This document was written by Jared Allar.","public":["http://www.htc.com/www/help/","http://blog.mywarwithentropy.com/2012/02/8021x-password-exploit-on-many-htc.html"],"cveids":["CVE-2011-4872"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2011-09-08T13:38:25Z","publicdate":"2012-02-01T00:00:00Z","datefirstpublished":"2012-02-01T15:11:50Z","dateupdated":"2012-02-01T15:49:33Z","revision":19,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"5","cam_exploitation":"5","cam_internetinfrastructure":"5","cam_population":"6","cam_impact":"6","cam_easeofexploitation":"11","cam_attackeraccessrequired":"11","cam_scorecurrent":"1.225125","cam_scorecurrentwidelyknown":"2.45025","cam_scorecurrentwidelyknownexploited":"3.675375","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":1.225125,"vulnote":null}