Executive Summary

Title 802.1X password exploit on many HTC Android devices
Name VU#763355 First vendor Publication 2012-02-01
Vendor VU-CERT Last vendor Modification 2012-02-01
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:P/I:N/A:N)
Cvss Base Score 2.6 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity High
Cvss Expoit Score 4.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


Vulnerability Note VU#763355

802.1X password exploit on many HTC Android devices


A user's 802.1X WiFi credentials and SSID information may be exposed to any application with basic WiFi permissions on certain HTC builds of Android.

I. Description

Any Android application on an affected HTC build with the android.permission.ACCESS_WIFI_STATE permission can use the .toString() member of the WifiConfiguration class to view all 802.1X credentials and SSID information. If the same application also has the android.permission.INTERNET permission then that application can harvest the credentials and exfiltrate them to a server on the Internet.

The following devices have been reported as affected:

  • Desire HD (both "ace" and "spade" board revisions) - Versions FRG83D, GRI40
  • Glacier - Version FRG83
  • Droid Incredible - Version FRF91
  • Thunderbolt 4G - Version FRG83D
  • Sensation Z710e - Version GRI40
  • Sensation 4G - Version GRI40
  • Desire S - Version GRI40
  • EVO 3D - Version GRI40
  • EVO 4G - Version GRI40
    The following devices have been reported as not affected:
    • myTouch3g
    • Nexus One
    Additional details can be found in Bret Jordan's blog post.

    II. Impact

    An attacker may be able to view and exfiltrate WiFi SSID information and credentials.

    III. Solution

    Apply an Update

    Users with an affected HTC phone should visit the HTC support site for instructions on how to update their phone. In some cases, the update will be automatically delivered to the phone.

    Vendor Information

    VendorStatusDate NotifiedDate Updated




    Thanks to Chris Hessing and Bret Jordan for reporting this vulnerability.

    This document was written by Jared Allar.

    Other Information

    Date Public:2012-02-01
    Date First Published:2012-02-01
    Date Last Updated:2012-02-01
    CERT Advisory: 
    US-CERT Technical Alerts: 
    Severity Metric:1.23
    Document Revision:18

    This product is provided subject to the Notification as indicated here: http://www.us-cert.gov/legal.html#notify

    Original Source

    Url : http://www.kb.cert.org/vuls/id/763355

    CWE : Common Weakness Enumeration

    % Id Name
    100 % CWE-200 Information Exposure

    CPE : Common Platform Enumeration

    Hardware 2
    Hardware 1
    Hardware 1
    Hardware 1
    Hardware 1
    Hardware 1
    Hardware 1
    Hardware 1
    Hardware 1