Lenovo SHAREit prior to 3.2.0 for Windows and SHAREit prior to 3.5.48_ww for Android transfer files in cleartext, which allows remote malicious users to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
lenovo shareit |
Lenov-lol
Lenovo ShareIT users, get patching: the PC maker's file-sharing app is pretty much unsecured. The software runs on Windows and Android devices, and creates a Wi-Fi hotspot allowing data to be exchanged – from phone to PC, PC to phone, etc. But the wireless network is pretty much unsecured on both platforms. In ShareIT for Windows, the Wi-Fi uses “12345678” as a hardcoded password, while in Android, there's no password at all. If someone logs into the Wi-Fi hotspot on Windows, they can brow...