Home > Vulnerability Database > CVE-2011-2344

Mend.io Vulnerability Database

CVE-2011-2344

Good to know:

Date: July 8, 2011

Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums by sniffing the token from connections with picasaweb.google.com.

Language: Java

Severity Score

9.8

Related Resources (5)

Url: http://www.uni-ulm.de/en/in/mi/staff/koenings/catching-authtokens.html

Url: http://android.git.kernel.org/?p=platform/packages/apps/Gallery3D.git%3Ba=commit%3Bh=9a418de454e5ce078c98f41b5c18e3bb9175bd20

Url: https://nvd.nist.gov/vuln/detail/CVE-2011-2344

Url: http://android.git.kernel.org/?p=platform/packages/apps/Gallery3D.git%3Ba=commit%3Bh=7a763db1c15bb6436be85a3f23382e4171970b6e

Url: https://www.mend.io/vulnerability-database/CVE-2011-2344

Severity Score

9.8

Weakness Type (CWE)

Cryptographic Issues

CWE-310

Top Fix

Upgrade Version

Upgrade to version android-2.3.5_r1

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	10.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2011-2344

Good to know:

Date: July 8, 2011

Language: Java

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?