Title: WeFi Log Files Local Information Disclosure Vulnerability
Severity: LOW
Description:
WeFi is a WiFi hotspot connectivity client for Windows and Mac OS X.
WeFi is prone to a local information-disclosure vulnerability because it fails to securely store sensitive data.
Specifically, keys for WEP, WPA, and WPA2 access points are stored in plain text when written to the 'ClientWeFiLog.dat' and 'ClientWeFiLog.bak' files.
NOTE: The '.bak' file is accessible whether or not the client is running.
Local attackers can exploit this issue to obtain sensitive information that will facilitate unauthorized access to WiFi access points. This could aid in further attacks.
WeFi 3.2.1.4.1 is vulnerable; other versions may also be affected.
UPDATE (July 8, 2008): The vendor states that this issue occurs only when users manually select the WeFi diagnostic mode.
Affected Products:
- WeFi WeFi 3.2.1.4.1
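A defender can check whether the log files named in the description hold a copy of a key they already know. The following is an added example, not part of the advisory or of the WeFi client. The directory to scan, the on-disk text encodings (UTF-8 or UTF-16) and the sample file contents are assumptions; only the two file names come from the advisory.

```python
import os
import tempfile

# File names come from the advisory; everything else here is an assumption.
LOG_NAMES = {"clientwefilog.dat", "clientwefilog.bak"}


def find_wefi_logs(root):
    """Yield paths under root whose name matches a WeFi log file (case-insensitive)."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() in LOG_NAMES:
                yield os.path.join(dirpath, name)


def key_encodings(key):
    """Byte forms a plain-text key could take on disk (assumed: UTF-8 or UTF-16)."""
    return {key.encode("utf-8"), key.encode("utf-16-le"), key.encode("utf-16-be")}


def audit(root, known_keys):
    """Return sorted (path, key_index) pairs for each known key found in a log.

    Only the index of the key is reported, so the audit output does not
    itself become another plain-text copy of the key.
    """
    findings = []
    for path in find_wefi_logs(root):
        with open(path, "rb") as fh:
            data = fh.read()
        for idx, key in enumerate(known_keys):
            # Skip empty strings: b"" is a substring of every file.
            if key and any(enc in data for enc in key_encodings(key)):
                findings.append((path, idx))
    return sorted(findings)


def demo():
    """Run the audit over constructed sample files (not real WeFi output)."""
    with tempfile.TemporaryDirectory() as root:
        sub = os.path.join(root, "WeFi")
        os.makedirs(sub)
        with open(os.path.join(sub, "ClientWeFiLog.bak"), "wb") as fh:
            fh.write("diag: connect key=Constructed-Key-1\r\n".encode("utf-16-le"))
        with open(os.path.join(sub, "ClientWeFiLog.dat"), "wb") as fh:
            fh.write(b"diag: scan complete\r\n")
        hits = audit(root, ["Constructed-Key-1", "Other-Key-2"])
        return [(os.path.basename(p), i) for p, i in hits]
```

A non-empty result means the key at that index should be treated as exposed to any local user who can read the file.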