CVE-2018-7259

9.8 CRITICAL

📋 TL;DR

The Flight Sim Labs A320-X installer version 2.0.1.231 sends users' Google account credentials over unencrypted HTTP when pirated serial numbers are entered, allowing attackers to intercept sensitive authentication data. This affects users who installed the vulnerable version and entered invalid serial numbers. The vulnerability was removed in version 2.0.1.232.

💻 Affected Systems

Products:
  • Flight Sim Labs A320-X
Versions: 2.0.1.231
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only triggers when pirated/invalid serial numbers are entered during installation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers intercept Google credentials, gain unauthorized access to Google accounts, leading to identity theft, data breaches, and account takeover.

🟠 Likely Case

Credentials transmitted over HTTP are captured by network sniffers, resulting in compromised Google accounts and potential privacy violations.

🟢 If Mitigated

With proper network monitoring and HTTPS enforcement, credential interception is prevented, limiting impact to failed authentication attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network sniffing capabilities; no authentication needed to intercept HTTP traffic.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.0.1.232

Vendor Advisory: https://forums.flightsimlabs.com/index.php?/topic/16210-malware-in-installer/

Restart Required: No

Instructions:

1. Uninstall version 2.0.1.231.
2. Download and install version 2.0.1.232 or later from official sources.
3. Verify installation completes successfully.

🔧 Temporary Workarounds

Block HTTP traffic to installLog.flightsimlabs.com

windows

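Prevents credential transmission by blocking outbound connections to the vulnerable endpoint. The remoteip parameter of netsh takes IP addresses, subnets or ranges rather than hostnames, so resolve installLog.flightsimlabs.com first and substitute the result for the placeholder below.

netsh advfirewall firewall add rule name="Block FSLabs Installer" dir=out action=block remoteip=<resolved IP address of installLog.flightsimlabs.com>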

Use HTTPS enforcement

all

Configure network devices to block unencrypted HTTP traffic to sensitive domains.

🧯 If You Can't Patch

  • Uninstall the vulnerable version immediately and avoid using pirated software.
  • Monitor network traffic for HTTP requests to installLog.flightsimlabs.com and investigate any occurrences.

🔍 How to Verify

Check if Vulnerable:

Check installer version in program details or installation logs for '2.0.1.231'.

Check Version:

wmic product where name="Flight Sim Labs A320-X" get version

Verify Fix Applied:

Confirm installed version is 2.0.1.232 or later and monitor network traffic for HTTP requests to the vulnerable endpoint.

📡 Detection & Monitoring

Log Indicators:

  • HTTP POST requests to installLog.flightsimlabs.com/LogHandler3.ashx in network logs

Network Indicators:

  • Cleartext HTTP traffic containing Google authentication tokens to installLog.flightsimlabs.com

SIEM Query (generic field names; map them to your schema):

destination_host='installLog.flightsimlabs.com' AND http_method='POST' AND url_path='/LogHandler3.ashx'
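
The log and network indicators above, applied as a scan over web-proxy log lines. This is an added example, not code from the vendor or the advisory; the five-field log format, the sample lines and the function names are constructed assumptions.

```python
from urllib.parse import urlsplit

# Indicators taken from the page, lowercased so case variants still match.
INDICATOR_HOST = "installlog.flightsimlabs.com"
INDICATOR_PATH = "/loghandler3.ashx"

# Constructed sample lines. Assumed format: timestamp client method url status
SAMPLE_LOG = """\
2018-02-19T10:01:02Z 10.0.0.15 POST http://installLog.flightsimlabs.com/LogHandler3.ashx 200
2018-02-19T10:01:05Z 10.0.0.15 GET http://installLog.flightsimlabs.com/ 404
2018-02-19T10:02:11Z 10.0.0.22 POST http://INSTALLLOG.FLIGHTSIMLABS.COM.:80/LogHandler3.ashx?x=1 200
2018-02-19T10:03:40Z 10.0.0.31 POST https://installLog.flightsimlabs.com/LogHandler3.ashx 200
2018-02-19T10:04:00Z 10.0.0.40 POST http://example.org/LogHandler3.ashx 200
malformed line
"""


def find_cleartext_posts(log_text):
    """Return (timestamp, client_ip, url) for each cleartext POST to the endpoint."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines instead of failing the whole scan
        timestamp, client, method, url, _status = fields
        try:
            parts = urlsplit(url)
            host = (parts.hostname or "").rstrip(".")  # drop a trailing FQDN dot
        except ValueError:
            continue  # unparsable URL
        if (method.upper() == "POST"
                and parts.scheme == "http"  # cleartext only; urlsplit lowercases it
                and host == INDICATOR_HOST
                and parts.path.lower() == INDICATOR_PATH):
            hits.append((timestamp, client, url))
    return hits


def affected_clients(log_text):
    """Unique client IPs in first-seen order, for follow-up on each machine."""
    return list(dict.fromkeys(c for _, c, _ in find_cleartext_posts(log_text)))


if __name__ == "__main__":
    for ts, client, url in find_cleartext_posts(SAMPLE_LOG):
        print(f"{ts} {client} -> {url}")
```

Matching on the parsed hostname and path rather than on a raw substring keeps an explicit port, a trailing dot, a query string or different letter case from hiding a hit.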
