| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 8 Oct 2019 09:58:16 +0200 From: ProSec Security Team <security@...sec-networks.com> Cc: ProSec Security Team <security@...sec-networks.com> Subject: [FD] RENPHO iOS missing encryption and integrity check Hello together, we’ve found the following vulnerability below. Affected software: RENPHO V3.0.0 (iOS App) Vulnerability type: Missing Encryption and Integrity Check of Sensitive Data Vulnerable version: Renpho Mobile Application V3.0.0 for iOS Vulnerable component: Client app, transmitting data to server backend Vendor report confidence: Unconfirmed Fixed version: - Vendor notification: 13/08/19 Solution date: CVE reference: CVE-2019-14808 CVSSv3 Score: 6.8 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N Researcher Credits: Tim Schughart, Christian Horn Communication Timeline: 13th August 2019 Initial contact - no response 26th September second contact attempt - no response 08th October fulldisclosure Vulnerability Details: The client application (mobile app for iOS) transmits data unencrypted to an server in JSON without integrity check, if an user changes personal data in his profile tab oder logs hisself in his account. Proof of concept: Caputre traffice via proxy or MITM attack, while user logs in or changes his user profile. You are able to catch session id for cloning, password in cleartext oder change data on the fly, because of an missing integrity check. Best regards / Mit freundlichen Grüßen Dr. h.c. Tim Schughart CEO / Geschäftsführer -- ProSec GmbH Robert-Koch-Straße 1-9 56751 Polch Website: https://www.prosec-networks.com E-Mail: info@...sec.networks.com Phone: +49 (0)261 450 930 90 Sitz der Gesellschaft / Company domiciled in: Polch Registergericht / registry Court: Amtsgericht Koblenz, HRB 26457 Geschäftsführer: Tim Schughart UST-IdNr./ VAT ID: DE321817516 "This E-Mail communication may contain CONFIDENTIAL, PRIVILEGED and/or LEGALLY PROTECTED information and is intended only for the named recipient(s). Any unauthorized use, dissemination, copying or forwarding is strictly prohibited. If you are not the intended recipient and have received this email communication in error, please notify the sender immediately, delete it and destroy all copies of this E-Mail. "Diese E-Mail Mitteilung kann VERTRAULICHE, dem BERUFSGEHEIMNIS UNTERLIEGENDE und/oder RECHTLICH GESCHÜTZTE Informationen enthalten und ist ausschließlich für den/die genannten Adressaten bestimmt. Jede unbefugte Nutzung, Weitergabe, Vervielfältigung oder Versendung ist strengstens verboten. Sollten Sie nicht der angegebene Adressat sein und diese E-Mail Mitteilung irrtümlich erhalten haben, informieren Sie bitte sofort den Absender, löschen diese E-Mail und vernichten alle Kopien. _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists