Cleartext Transmission of Sensitive Information

CVE-2018-18908

Medium

5.9/10

Summary

The Sky Go Desktop application 1.0.19-1 through 1.0.23-1 for Windows performs several requests over cleartext HTTP. This makes the data submitted in these requests prone to Man in The Middle (MiTM) attacks, whereby an attacker would be able to obtain the data sent in these requests. Some of the requests contain potentially sensitive information that could be useful to an attacker, such as the victim's Sky username.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-319 - Cleartext Transmission of Sensitive Information

The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References

Advisory Timeline

Published Jan 20, 2019

Cleartext Transmission of Sensitive Information

CVE-2018-18908

Summary

CWE-319 - Cleartext Transmission of Sensitive Information

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS