Android Debug Bridge (ADB) Accessible Without Authentication

Published: 2018-07-06 12:37:42

CVSS Base Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Summary:
The script checks if the target host is running a service supporting the Android Debug Bridge (ADB) protocol without an enabled authentication.

Impact:
This issue may be exploited by a remote attacker to gain access to sensitive information or modify system configuration.

Detection Method:
Evaluate if the target host is running a service supporting the Android Debug Bridge (ADB) protocol without an enabled authentication.

Recommendations:
Disable the Android Debug Bridge (ADB)protocol within the device setting or enable authentication. See the references for more information.

Detection Type:
Remote Banner

Solution Type:
Mitigation

References:

https://doublepulsar.com/root-bridge-how-thousands-of-internet-connected-android-devices-now-have-no-security-and-are-b46a68cb0f20
https://nelenkov.blogspot.com/2013/02/secure-usb-debugging-in-android-422.html

Search
Severity
High
CVSS Score
7.5

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.