CVE-2011-2344 - Vulnerability Details - OpenCVE

Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums by sniffing the token from connections with picasaweb.google.com.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Android

Configuration 1 [-]

OR	cpe:2.3:o:google:android:2.1:::::::*
	cpe:2.3:o:google:android:2.2:::::::*
	cpe:2.3:o:google:android:2.2:rev1::::::
	cpe:2.3:o:google:android:2.2.1:::::::*
	cpe:2.3:o:google:android:2.2.2:::::::*
	cpe:2.3:o:google:android:2.3:rev1::::::
	cpe:2.3:o:google:android:2.3.3:::::::*
	cpe:2.3:o:google:android:2.3.4:::::::*
	cpe:2.3:o:google:android:3.0:::::::*

No data.

References

Link	Providers
http://android.git.kernel.org/?p=platform/packages/apps/Gallery3D.git%3Ba=commit%3Bh=7a763db1c15bb6436be85a3f23382e4171970b6e
http://android.git.kernel.org/?p=platform/packages/apps/Gallery3D.git%3Ba=commit%3Bh=9a418de454e5ce078c98f41b5c18e3bb9175bd20
http://www.uni-ulm.de/en/in/mi/staff/koenings/catching-authtokens.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: Chrome

Published: 2011-07-08T17:00:00Z

Updated: 2024-09-16T18:49:52.042Z

Reserved: 2011-06-02T00:00:00Z

Link: CVE-2011-2344

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2011-07-08T17:55:01.007

Modified: 2025-04-11T00:51:21.963

Link: CVE-2011-2344

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums by sniffing the token from connections with picasaweb.google.com."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-07-08T17:00:00Z", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://android.git.kernel.org/?p=platform/packages/apps/Gallery3D.git%3Ba=commit%3Bh=9a418de454e5ce078c98f41b5c18e3bb9175bd20"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://android.git.kernel.org/?p=platform/packages/apps/Gallery3D.git%3Ba=commit%3Bh=7a763db1c15bb6436be85a3f23382e4171970b6e"}, {"tags": ["x_refsource_MISC"], "url": "http://www.uni-ulm.de/en/in/mi/staff/koenings/catching-authtokens.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "ID": "CVE-2011-2344", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums by sniffing the token from connections with picasaweb.google.com."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://android.git.kernel.org/?p=platform/packages/apps/Gallery3D.git;a=commit;h=9a418de454e5ce078c98f41b5c18e3bb9175bd20", "refsource": "CONFIRM", "url": "http://android.git.kernel.org/?p=platform/packages/apps/Gallery3D.git;a=commit;h=9a418de454e5ce078c98f41b5c18e3bb9175bd20"}, {"name": "http://android.git.kernel.org/?p=platform/packages/apps/Gallery3D.git;a=commit;h=7a763db1c15bb6436be85a3f23382e4171970b6e", "refsource": "CONFIRM", "url": "http://android.git.kernel.org/?p=platform/packages/apps/Gallery3D.git;a=commit;h=7a763db1c15bb6436be85a3f23382e4171970b6e"}, {"name": "http://www.uni-ulm.de/en/in/mi/staff/koenings/catching-authtokens.html", "refsource": "MISC", "url": "http://www.uni-ulm.de/en/in/mi/staff/koenings/catching-authtokens.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:00:33.680Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://android.git.kernel.org/?p=platform/packages/apps/Gallery3D.git%3Ba=commit%3Bh=9a418de454e5ce078c98f41b5c18e3bb9175bd20"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://android.git.kernel.org/?p=platform/packages/apps/Gallery3D.git%3Ba=commit%3Bh=7a763db1c15bb6436be85a3f23382e4171970b6e"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.uni-ulm.de/en/in/mi/staff/koenings/catching-authtokens.html"}]}]}, "cveMetadata": {"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2011-2344", "datePublished": "2011-07-08T17:00:00Z", "dateReserved": "2011-06-02T00:00:00Z", "dateUpdated": "2024-09-16T18:49:52.042Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "A33DBF65-09A6-4149-BABE-2FFFBF10C31D", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "78B69434-13B2-4A43-AEB0-55E0ED403E54", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:2.2:rev1:*:*:*:*:*:*", "matchCriteriaId": "D1755B91-1B6B-4A9E-BB6B-22B399A6DD02", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A92E88F-CCED-41D7-AFB7-CE1F9265E546", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "D13D3A00-27A0-4635-9D50-05CA81950691", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:2.3:rev1:*:*:*:*:*:*", "matchCriteriaId": "61D64B87-F1F1-4E52-86AE-F28E2C43A9A8", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "286EED24-E011-4009-BC2E-B63CA06072CE", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "D634E2E3-4E8A-4C88-A6BF-DBE7439EB3B0", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "6997F035-D2F5-4174-B979-5D42FF69D9AC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums by sniffing the token from connections with picasaweb.google.com."}, {"lang": "es", "value": "Android Picasa en Android v3.0 y v2.x hasta v2.3.4 usa sesion HTTP en texto claro cuando se transmite el authToken obtenido de ClientLogin, lo que permite a usuarios remotos ganar privilegios y acceder a imagenes y albumes privados esnifando el token de conexiones con picasaweb.google.com"}], "id": "CVE-2011-2344", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-07-08T17:55:01.007", "references": [{"source": "chrome-cve-admin@google.com", "url": "http://android.git.kernel.org/?p=platform/packages/apps/Gallery3D.git%3Ba=commit%3Bh=7a763db1c15bb6436be85a3f23382e4171970b6e"}, {"source": "chrome-cve-admin@google.com", "url": "http://android.git.kernel.org/?p=platform/packages/apps/Gallery3D.git%3Ba=commit%3Bh=9a418de454e5ce078c98f41b5c18e3bb9175bd20"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.uni-ulm.de/en/in/mi/staff/koenings/catching-authtokens.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://android.git.kernel.org/?p=platform/packages/apps/Gallery3D.git%3Ba=commit%3Bh=7a763db1c15bb6436be85a3f23382e4171970b6e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://android.git.kernel.org/?p=platform/packages/apps/Gallery3D.git%3Ba=commit%3Bh=9a418de454e5ce078c98f41b5c18e3bb9175bd20"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.uni-ulm.de/en/in/mi/staff/koenings/catching-authtokens.html"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}