WeFi Log Files Local Information Disclosure Vulnerability

Bugtraq ID:	30088
Class:	Access Validation Error
CVE:	CVE-2008-3147
Remote:	No
Local:	Yes
Published:	Jul 04 2008 12:00AM
Updated:	May 07 2015 05:27PM
Credit:	Xia Shing Zee
Vulnerable:	WeFi WeFi 3.2.1 .4.1
Not Vulnerable:

WeFi Log Files Local Information Disclosure Vulnerability

WeFi is prone to a local information-disclosure vulnerability because it fails to securely store sensitive data.

Attackers can exploit this issue to access keys for WEP, WPA, and WPA2 access points.

WeFi 3.2.1.4.1 is vulnerable; other versions may also be affected.

WeFi Log Files Local Information Disclosure Vulnerability

Attackers can exploit this issue by viewing an affected file.

WeFi Log Files Local Information Disclosure Vulnerability

Solution:
The vendor released a new version of the application to address this issue. Please see the references and visit the vendor's website to obtain the most recent version.

WeFi Log Files Local Information Disclosure Vulnerability

References:

• Local vulnerability in WeFi Client v3.2.1.4.1(Update) ([email protected])
  
• Vendor Homepage (WeFi)
  
• Re: Local vulnerability in WeFi Client v3.2.1.4.1(Update) (WeFi)