A security issue exists in multiple HTC products and can be exploited by malicious people to disclose potentially sensitive information, according to Secunia.
The security issue is caused due to Peep, the default Twitter application, transmitting credentials Base64-encoded or in plaintext.
This can be exploited to disclose the authentication credentials by e.g sniffing network traffic or via a Man-in-the-Middle (MitM) attack.
The security issue is reported in Peep version 2_5_19212224_0 running on the following devices:
- HTC HD2
- HTC HD mini
- HTC Touch Diamond2
- HTC Touch Pro2.