Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30288
HistoryFeb 03, 2014 - 12:00 a.m.

[CVE-2014-1664] GoToMeeting Information Disclosure via Logging Output (Android)

2014-02-0300:00:00
vulners.com
17
JSON

  1. ADVISORY INFORMATION
    ========================
    Title: GoToMeeting Information Disclosure via Logging Output (Android)
    CVE: CVE-2014-1664
    CVE Information: ASSIGNED
    Date published: PUBLIC
    Date of last update: 01/23/2014
    Vendor Contacted: Citrix
    Release mode: Coordinated Release

  2. VULNERABILITY INFORMATION
    =============================
    Class: Information Disclosure
    Impact: CVSS Details specified below
    Remotely Exploitable: No
    Locally Exploitable: Yes
    CVE Name: [CVE-2014-1664] GoToMeeting Information Disclosure via Logging Output (Android)

  3. VULNERABILITY DESCRIPTION
    ============================
    The latest release of the software is vulnerable to information disclosure via logging output, resulting in the leak of userID, meeting details, and authentication tokens. Android applications with permissions to read system log files may obtain the leaked information.

  4. VULNERABLE PACKAGES
    ======================

  • com.citrixonline.android.gotomeeting-1.apk version 5.0.799.1238 (Android)
  1. NON-VULNERABLE PACKAGES
    ==========================
  • other platforms untested

  1. CREDITS
    ===========
    This vulnerability was discovered and researched by Claudio J. Lacayo.

  2. TECHNICAL DESCRIPTION / PROOF OF CONCEPT CODE
    =================================================
    <! ----- SNIPPET ------- !>

D/G2M (32190): HttpRequest to: https://www2.gotomeeting.com/meeting/getInfo/[MEETING_ID_REDACTED]?Portal=www.gotomeeting.com&amp;android=true&amp;MeetingID=[MEETING_ID_REDACTED]
E/qcom_sensors_hal( 787): hal_process_report_ind: Bad item quality: 11
D/dalvikvm(32190): GC_CONCURRENT freed 1322K, 43% free 20491K/35456K, paused 6ms+1ms, total 33ms
D/G2M (32190): HttpRequest response from: GET https://www2.gotomeeting.com/meeting/getInfo/[MEETING_ID_REDACTED]?Portal=www.gotomeeting.com&amp;android=true&amp;MeetingID=[MEETING_ID_REDACTED] -> 200
D/G2M (32190): HttpRequest response body: GET https://www2.gotomeeting.com/meeting/getInfo/[MEETING_ID_REDACTED]?Portal=www.gotomeeting.com&amp;android=true&amp;MeetingID=[MEETING_ID_REDACTED] -> {"Status":"Redirect","RedirectHost":"www1.gotomeeting.com","MeetingId":"[MEETING_ID_REDACTED]"}
D/G2M (32190): Got 302 from legacy JSON API: www1.gotomeeting.com
D/G2M (32190): HttpRequest to: https://www1.gotomeeting.com/meeting/getInfo/[MEETING_ID_REDACTED]?android=true&amp;MeetingID=[MEETING_ID_REDACTED]
D/G2M (32190): HttpRequest response from: GET https://www1.gotomeeting.com/meeting/getInfo/[MEETING_ID_REDACTED]?android=true&amp;MeetingID=[MEETING_ID_REDACTED] -> 200
D/G2M (32190): HttpRequest response body: GET https://www1.gotomeeting.com/meeting/getInfo/[MEETING_ID_REDACTED]?android=true&amp;MeetingID=[MEETING_ID_REDACTED] -> {"Status":"MeetingNotStarted","MeetingId":"[MEETING_ID_REDACTED]","IsRecurring":false,"Endpoints":["Native"],"OrganizerName":"[REDACTED]","Subject":"[REDACTED]","MaxAttendees":100,"IsWebinar":false,"AudioParameters":{"CommParams":{"disableUdp":false},"ConferenceParams":{"supportedModes":"VoIP,PSTN,Private","initialMode":"Hybrid","SpeakerInfo":{"PhoneInfo":[{"description":"Default","number":"[REDACTED],"authToken":"AAFe4rYexu4Dm7qrL45/Egx+AAAAAFLdeSkAAAAAUt7KqUbWYmXH3OcczkhGaWRf0wM2OKWa","accessCode":"REDACTED"},"userId":"userId","authToken":"EAEBAQEBAQEBAQEBAQEBAQE=","privateMessage":"","audioKey":-1,"BridgeMutingControl":true,"VCBParams":{"Codec":[{"payloadType":103,"frameLength":30,"name":"ISAC","bitrate":32000,"channels":1,"samplingRate":16000},{"payloadType":0,"frameLength":20,"name":"PCMU","bitrate":64000,"ch
annels":1,"samplingRate":8000}],"VCB":{"port":5060,"ipAddr":"10.23.70.151"},"Options":{"asUpdates":true,"rtUpdates":true,"dtx":false}}}},"EndTime":1390239900000,"StartTime":1390237200000,"IsImpromptu":false}
D/G2M (32190): Got response from legacy JSON API: 200
D/G2M (32190): JoinService: Attempting to join Meeting
D/G2M (32190): MeetingService: Starting Meeting join on legacy…
D/G2M (32190): HttpRequest to: https://www.gotomeeting.com/meeting/getInfo/[MEETING_ID_REDACTED]?android=true&amp;MeetingID=[MEETING_ID_REDACTED]&amp;PhoneInfo=,MachineID=WFNUUVtWBVRUVwRQAwUCAA==,G2MAppVersion=5.0.799.1238,BuildType=releaseBuild,Brand=google,Manufacturer=LGE,Model=Nexus5,AndroidVersionRelease=4.4.2,AndroidVersionIncremental=937116,ID=KOT49H,Product=hammerhead,Device=hammerhead,CpuABI=armeabi-v7a
D/G2M (32190): ServiceResolver: COLService: BaseURL [https://www1.gotomeeting.com], isLegacy [true}, isWebinar [false]
D/G2M (32190): HttpRequest response from: GET https://www1.gotomeeting.com/meeting/getInfo/[MEETING_ID_REDACTED]?Portal=www.gotomeeting.com&amp;android=true&amp;MeetingID=[MEETING_ID_REDACTED]&amp;PhoneInfo=,MachineID=WFNUUVtWBVRUVwRQAwUCAA==,G2MAppVersion=5.0.799.1238,BuildType=releaseBuild,Brand=google,Manufacturer=LGE,Model=Nexus5,AndroidVersionRelease=4.4.2,AndroidVersionIncremental=937116,ID=KOT49H,Product=hammerhead,Device=hammerhead,CpuABI=armeabi-v7a -> 302
D/G2M (32190): HttpRequest response body: GET https://www1.gotomeeting.com/meeting/getInfo/[MEETING_ID_REDACTED]?Portal=www.gotomeeting.com&amp;android=true&amp;MeetingID=[MEETING_ID_REDACTED]&amp;PhoneInfo=,MachineID=WFNUUVtWBVRUVwRQAwUCAA==,G2MAppVersion=5.0.799.1238,BuildType=releaseBuild,Brand=google,Manufacturer=LGE,Model=Nexus5,AndroidVersionRelease=4.4.2,AndroidVersionIncremental=937116,ID=KOT49H,Product=hammerhead,Device=hammerhead,CpuABI=armeabi-v7a -> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

<! ----- SNIPPET ------- !>

  1. CVSS 2.0 BASE METRICS
    ========================
    Reference Base Vector Base Score
    CVSS Base Score
    5.4
    Impact Subscore
    7.8
    Exploitability Subscore
    3.4
    CVSS Temporal Score
    5.1
    CVSS Environmental Score
    6.6
    Modified Impact Subscore
    10
    Overall CVSS Score
    6.6

  2. REPORT TIMELINE
    ==================
    [1] 01/20/2014 - Vulnerability discovered, internal contact notified
    [2] 01/21/2014 - Citrix security team notified via email
    [3] 01/22/2014 - Citrix asked for testing environment details; provided.
    [4] 01/23/2014 - CVE provided by CNA; public disclosure.

  3. REFERENCES
    =============
    https://www.securecoding.cert.org/confluence/display/java/DRD04-J.+Do+not+log+sensitive+information
    https://play.google.com/store/apps/details?id=com.nolanlawson.logcat&amp;hl=en
    https://drive.google.com/file/d/0B3eEtV83VTFUWEgxSTRac3JvZlk/edit?usp=sharing
    http://nvd.nist.gov/cvss.cfm?calculator&amp;adv&amp;version=2

Related

prion 1
cve 1
seebug 1
securityvulns 1
packetstorm 1
prion
prion
Authentication flaw
2014-01-26 20:55:00
cve
cve
CVE-2014-1664
2014-01-26 20:55:00
seebug
seebug
GoToMeeting for Android多个本地信息泄露漏洞
2014-02-10 00:00:00
securityvulns
securityvulns
Citrix GoToMeeting information leakage
2014-02-03 00:00:00
packetstorm
packetstorm
GoToMeeting Information Disclosure
2014-01-26 00:00:00
JSON
Related for SECURITYVULNS:DOC:30288
prion1cve1seebug1securityvulns1packetstorm1