LISTSERV - MOBILE Archives

MOBILE Archives

February 2012

MOBILE@LIST.UVM.EDU

LISTSERV Archives

MOBILE Home

MOBILE February 2012

Subscribe or Unsubscribe

Search Archives

Options:

Use Monospaced Font
Show Text Part by Default
Condense Mail Headers

Message:

[<< First] [< Prev] [Next >] [Last >>]

Topic:

[<< First] [< Prev] [Next >] [Last >>]

Author:

[<< First] [< Prev] [Next >] [Last >>]

Content-Type:

multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------enigF3E7E670272A2C3D6398C662"

Sender:

Discussions about Mobile Devices <[log in to unmask]>

Subject:

802.1X password exposure flaw on many HTC Android devices (CVE-2011-4872)

From:

Sam Hooker <[log in to unmask]>

Date:

Thu, 2 Feb 2012 11:45:37 -0500

In-Reply-To:

<[log in to unmask]>

MIME-Version:

1.0

Reply-To:

Discussions about Mobile Devices <[log in to unmask]>

Parts/Attachments:

text/plain (826 bytes) , signature.asc (904 bytes)


A flaw which has the potential to expose 802.1X wireless credentials by
way of a malicious app has been discovered in some HTC builds of Android[1].

The campus-wide wireless network "UVM" uses 802.1X for access control,
and many devices are likely to store NetID credentials for use with that
network; those credentials may be at risk of exposure. Users of
Android-enabled HTC devices should visit HTC support[2] for assistance
in obtaining and installing code updates to mitigate the exposure.

If you or your constituents use HTC Android devices, visit the US-CERT
bulletin[1] for a list of those confirmed to be affected.


Cheers,

-sth

[1]http://www.kb.cert.org/vuls/id/763355
[2]http://www.htc.com/www/help

--
Sam Hooker | [log in to unmask]
Systems Architecture and Administration
Enterprise Technology Services
The University of Vermont

ATOM RSS1 RSS2

LIST.UVM.EDU