CVE-2014-2993 BIREBIN.COM ANDROID APP SSL CERTIFICATE VALIDATION WEAKNESS
SKEPTIVE
Birebin.com is an online betting website that also provides an Android app to make betting easier for its members.
We have found that the Android app is vulnerable to SSL man-in-the-middle (MITM) attacks (http://en.wikipedia.org/wiki/Man-in-the-middle_attack), which let attackers capture user names and passwords and hijack the sessions of app users.
In misconfigured network environments it is possible to redirect the HTTPS packets of SSL sessions through MITM tools.
When we redirected our network traffic through such a configuration, we observed that the app sends and receives user data unencrypted.
REQUEST
{
"Password": "123456",
"UserName": "abc@abc.com"
}
The Token value, which is used for session awareness, is also exposed, so attackers can use it in their own configurations to hijack other users' sessions.
No version is given in the app, but we provide the MD5 hash of the vulnerable APK:
MD5 (birebin-android-latest.apk) = 60bea6a1694b1ffc87c4dc3f2ba6a8be
No known fix has been released yet.