Handspring Visor Network HotSync Vulnerability

The Handspring Visor is a Palm-compatible personal organizer. It ships with Network Hotsync, an application designed to perform backups and synchronizations of the Visor to a PC or Macintosh computer over an IP network. There is no authentication done for this transaction, so anybody with a Visor users name and IP address can initiate the hotsync and retrieve the users email and other information. This also gives an attacker with a Visor the aability to send email as the user.


 

Privacy Statement
Copyright 2010, SecurityFocus