Advisories

Concur Travel and Expense Mobile App for iOS Information Disclosure Vulnerability

Wednesday, September 28, 2011 By: Beau Woods

Dell SecureWorks Security Advisory SWRX-2011-002

Advisory Information

Title: Concur Travel & Expense Mobile App for iOS Information Disclosure Vulnerability
Advisory ID: SWRX-2011-002
Date published: Wednesday, September 28, 2011
CVE: CVE-2011-3425
CVSS v2 Base Score: 4.7
Date of last update: Wednesday, September 28, 2011
Vendors contacted: Concur Technologies, Inc.
Release mode: Coordinated
Discovered by: Beau Woods, Dell SecureWorks

Summary

Older versions of the Concur Travel & Expense Mobile App for iOS improperly handled sensitive information. An attacker with physical or logical access to the device or to device backups could obtain the user account, password, device ID and device serial number stored on the iOS device.

Download the PDF

PGP Signature (PC Users: You may need to right click your mouse and select "Save As")

SecureWorks CTU Public Key

Concur Travel and Expense Mobile App for iOS Information Disclosure Vulnerability

Dell SecureWorks Security Advisory SWRX-2011-002

Related Content

LV Ransomware

USAID-Themed Phishing Campaign Leverages U.S. Elections Lure

Counter Threat Unit Researchers Publish Threat Group Definitions