what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Android HTC Mail Insecure Password Management

Android HTC Mail Insecure Password Management
Posted Aug 6, 2012
Authored by HexView | Site hexview.com

The HTC Mail application on Android stores passwords base64 encoded after swapping around odd and even characters.

tags | exploit
SHA-256 | 5dbb95f9e5f9adae904123eb9746ffa5bfd499af74e2a90f0e01d0d5d1ae9cf8

Android HTC Mail Insecure Password Management

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Android HTC Mail insecure password management

Classification:
===============
Level: low-[MED]-high-crit
ID: HEXVIEW*2012*08*05*01
URL: http://www.hexview.com/docs/20120805-1.txt

Overview:
=========
HTC is $9.5B(USD) Taiwanese manufacturer of smartphones and tablets, primarily
Android-based. HTC's devices account for 5% of the smartphone market and for
about 15% of all Android devices sold in the US. Most HTC devices come with an
application called HTC Mail. HexView discovered that HTC Mail insecurely stores
mailbox credentials.

Affected products:
==================
HTC Mail application, all versions (package: com.htc.android.mail)

Vulnerability Summary:
======================
Android OS comes with a feature called AccountManager that lets applications
manage user credentials in a more or less secure fashion. HTC Mail instead stores
usernames and passwords directly in its database obfuscated with a weak, trivial
to reverse algorithm.

Technical Details:
==================
HTC Mail application stores user credentials in the 'accounts' table in its 'mail.db'
SQLite database. The table contains usernames, email addresses, hostnames, mailbox
and SMTP passwords for each mail account configured in the Mail application. All data
is stored in a plain text except for passwords that are "encrypted" as follows:
1. Password characters at odd and even positions are swapped.
2. The byteswapped string is base-64 encoded twice.
3. The resulting base64-encoded password is stored in the database.

Demonstration:
==================
HexView produced a script for the GameSpector application (available in Google Play)
that decodes and displays HTC mail passwords. GameSpector requires root access.

Distribution:
=============
This document may be freely distributed through any channels as long as
its content is kept intact. Commercial use of the information in the
document is not allowed without written permission from HexView.
Please direct all questions to vtalk@hexview.com

About HexView:
==============
HexView is a technology consulting boutique offering a variety of information
security services, including security assessments of mobile applications.
For more information visit http://www.hexview.com

Feedback and comments:
======================
Feedback and questions about this disclosure are welcome at vtalk@hexview.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAlAezhcACgkQDPV1+KQrDqQW8gCfcT0koImRoJppbUwVkweaoxmG
xD4Anj4osjlOWR1JmnWbLAwcoeHN0UjJ
=g+yV
-----END PGP SIGNATURE-----


Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close