An issue was discovered on August Connect devices. Insecure data transfer between the August app and August Connect during configuration allows attackers to discover home Wi-Fi credentials. This data transfer uses an unencrypted access point for these credentials, and passes them in an HTTP POST, using the AugustWifiDevice class, with data encrypted with a fixed key found obfuscated in the app.
References
Link | Resource |
---|---|
https://dojo.bullguard.com/dojo-by-bullguard/blog/august-connect/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-01-02T18:00:00
Updated: 2019-01-02T17:57:02
Reserved: 2018-12-12T00:00:00
Link: CVE-2018-20100
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-01-02T18:29:01.230
Modified: 2019-10-03T00:03:26.223
Link: CVE-2018-20100
JSON object: View
Redhat Information
No data.
CWE