WLAN Password Bypass in Windows Mobile 6 on HTC Hermes Devices
CVE-2008-4540

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Mobile
Vendor: CVE Published:; 13 October 2008

What is CVE-2008-4540?

The vulnerability in Windows Mobile 6 on HTC Hermes devices allows attackers in close proximity to exploit an auto-completion feature in the password input field. This flaw enables unauthorized access to WLAN networks by exposing saved passwords, thus bypassing required authentication measures. Users of affected devices should be aware of the risks and consider updates or mitigation strategies to secure their wireless connections.

References

http://securityreason.com/securityalert/4402

third-party-advisoryx_refsource_SREASON

https://exchange.xforce.ibmcloud.com/vulnerabilities/45857

vdb-entryx_refsource_XF

http://www.securityfocus.com/archive/1/497151/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 13, 2008
Vulnerability Reserved
Oct 13, 2008

Microsoft

What is CVE-2008-4540?

References

Timeline