Nessus On Android 1.0.1 Credential Disclosure

Posted on 24 July 2012

Nessus app for android version 1.0.1 The app allows user to save nessus server info IP/username/password. The app saves this info to /sdcard/servers.id This file can be viewed with notepad and password is right there in plain text. this means any app on the system can see that info and possibly transmit it to an attacker.