CVE-2017-15999

9.8 CRITICAL

📋 TL;DR

This vulnerability allows attackers to intercept login credentials and contact data transmitted by the NQ Contacts Backup & Restore Android app. The app transmits usernames in plaintext and password hashes without HTTPS encryption, enabling credential theft and unauthorized access. All users of version 1.1 are affected.

💻 Affected Systems

Products:
  • NQ Contacts Backup & Restore
Versions: 1.1
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of version 1.1 are vulnerable by default as the app uses HTTP instead of HTTPS for all network communications.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of user contact data, credential theft enabling account takeover, and potential identity theft or phishing campaigns using stolen contact information.

🟠 Likely Case

Credential harvesting leading to unauthorized access to the backup service and exposure of sensitive contact information.

🟢 If Mitigated

Limited impact with proper network controls, though credentials remain vulnerable to local network attackers.

🌐 Internet-Facing: HIGH - Data transmitted over public networks is completely exposed to interception.
🏢 Internal Only: MEDIUM - Local network attackers can still intercept credentials and data.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Attack requires network position to intercept traffic (MITM). SHA-1 password hashes can be cracked offline or replayed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None known

Restart Required: No

Instructions:

No official patch available. Users should uninstall the vulnerable version and seek alternative contact backup solutions.

🔧 Temporary Workarounds

Force HTTPS via VPN

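Platform: android

Route all app traffic through a VPN that forces HTTPS connections and prevents HTTP traffic. A VPN protects traffic only between the device and the VPN endpoint; past that point the app's requests are still plain HTTP.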

Network-level HTTPS enforcement

Platform: all

Configure network firewalls or proxies to block HTTP traffic from the app and force HTTPS connections.

🧯 If You Can't Patch

  • Uninstall the application immediately and use alternative contact backup solutions
  • Never use the app on untrusted networks (public Wi-Fi, cellular data)

🔍 How to Verify

Check if Vulnerable:

Check app version in Android settings > Apps > NQ Contacts Backup & Restore. Version 1.1 is vulnerable.

Check Version:

Not applicable - check via Android UI

Verify Fix Applied:

Verify app is uninstalled or updated to a version that uses HTTPS for all network communications.

📡 Detection & Monitoring

Log Indicators:

  • HTTP traffic to NQ backup servers containing login credentials or contact data

Network Indicators:

  • Cleartext HTTP traffic containing 'login' parameters or contact data from the app

SIEM Query:

source_ip=* AND dest_port=80 AND (http_user_agent CONTAINS 'NQ' OR http_uri CONTAINS 'login')
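
The SIEM query above, applied as a filter over proxy log lines; this is an added example, not part of the original advisory. The log format, host names, parameter names and sample lines are constructed for illustration, and the 40-hex-character check reflects the SHA-1 password hashes the advisory says are sent over HTTP.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed proxy log lines in a hypothetical format:
#   src_ip dest_port method url "user-agent"
SAMPLE_LOG = """\
10.0.0.12 80 POST http://backup.example.invalid/api/login?user=alice&pwd=0123456789abcdef0123456789abcdef01234567 "NQ-Contacts/1.1"
10.0.0.12 443 POST https://backup.example.invalid/api/login "NQ-Contacts/1.1"
10.0.0.40 80 GET http://news.example.invalid/index.html "Mozilla/5.0"
10.0.0.77 80 GET http://backup.example.invalid/sync?contacts=1 "NQ-Contacts/1.1"
"""

LINE_RE = re.compile(r'^(\S+) (\d+) (\S+) (\S+) "([^"]*)"$')
SHA1_RE = re.compile(r"^[0-9a-fA-F]{40}$")  # shape of a hex-encoded SHA-1 digest


def find_cleartext_logins(log_text):
    """Return one finding per line that matches the page's SIEM predicate."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the assumed format
        src_ip, port, _method, url, user_agent = m.groups()
        parts = urlsplit(url)
        uri = parts.path + ("?" + parts.query if parts.query else "")
        # dest_port=80 AND (user agent CONTAINS 'NQ' OR uri CONTAINS 'login')
        if port != "80" or not ("NQ" in user_agent or "login" in uri):
            continue
        # Report parameter names only, never the values, so the alert
        # itself does not copy credentials into another system.
        params = parse_qsl(parts.query, keep_blank_values=True)
        sha1_like = [name for name, value in params if SHA1_RE.match(value)]
        findings.append(
            {"src_ip": src_ip, "uri": parts.path, "sha1_like_params": sha1_like}
        )
    return findings


if __name__ == "__main__":
    for finding in find_cleartext_logins(SAMPLE_LOG):
        print(finding)
```

A non-empty `sha1_like_params` list separates requests that carry a hash-shaped value from other cleartext traffic that merely matches the user agent.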
