MEMCACHED < 1.4.17 SASL AUTHENTICATION BYPASS
MEMCACHED < 1.4.17 SASL AUTHENTICATION BYPASS SKEPTIVE Bilyoner is an online betting platform for various betting options on idda ,&...
Read More
CVE-2014-3750 BILYONER MOBILE APPS PRONE TO VARIOUS SSL/TLS ATTACKS
SKEPTIVE
Bilyoner is an online betting platform for various betting options on idda , spor toto, milli piyango, tjk.
We have found that mobile apps vulnerable to SSL/TLS attacks which eventually lets attackers to gain sensitive information and hijack user sessions.
Description
On misconfigured network environments it is possible to redirect HTTPS packets over MITM tools for SSL sessions.
When we redirected our network on such a configuration we have observed that app sends/receives user data unecrypted.
REQUEST
{
"password": "333444",
"sessionId": "9331b4c44edf7c72f4963bc1799416bd071b5eb2aa049ad7ce968b06965f444e",
"username": "12312312"
}And also session-id’s are vulnerable for attackers to use on their own configurations to hijack other users’ sessions. Such as;
RESPONSE
{
"bilyonerCookies": {
"JSESSIONID": "RQdFTcnPydRypLXc71kXhYjBtN5p5sGT31GN4hvRlsN8qTz2GQ2T!-1656694263", "NSC_wtfswfs-ttm": "ffffffffc3a0840e45525d5f4f58455e445a4a423660"
},
"bilyonerSessionId": "C1yTTcnP2wSnwyV2gstRkhrsBh8dsqJfvCYBFHqTGvVwhZSYhsJM!-1656694263!1394403087638",
"sessionId": "9331b4c44edf7c72f4963bc1799416bd071b5eb2aa049ad7ce968b06965f444e"
}Affected Versions
Android apps 2.1.1 and below are affected. For IOS platforms below 4.6.2 are vulnerable.
Fixes
For Android apps it’s advised to upgrade 2.3.1. For IOS platforms 4.6.2 is available.
CVE-2014-2993 BIREBIN.COM ANDROID APP SSL CERTIFICATE VALIDATION WEAKNESS
CVE-2014-2993 BIREBIN.COM ANDROID APP SSL CERTIFICATE VALIDATION WEAKNESS SKEPTIVE Birebin.com is an online betting web-site which also provides Andro...
Read MoreCVE-2014-2992 MISLI.COM ANDROID APP SSL CERTIFICATE VALIDATION WEAKNESS
CVE-2014-2992 MISLI.COM ANDROID APP SSL CERTIFICATE VALIDATION WEAKNESS SKEPTIVE Misli.com is an online betting web-site which also provides Android a...
Read MoreCVE-2014-3750 BILYONER MOBILE APPS PRONE TO VARIOUS SSL/TLS ATTACKS
CVE-2014-3750 BILYONER MOBILE APPS PRONE TO VARIOUS SSL/TLS ATTACKS SKEPTIVE Bilyoner is an online betting platform for various betting options on i...
Read MoreUNPATCHED ATLASSIAN PRODUCTS STILL REIGN OVER A CRITICAL SECURITY FLAW
UNPATCHED ATLASSIAN PRODUCTS STILL REIGN OVER A CRITICAL SECURITY FLAW SKEPTIVE Atlassian released a security advisory nearly 8 months ago and relea...
Read MoreCVE-2014-3518 JBOSS EAP/AS 5: REMOTE CODE EXECUTION
CVE-2014-3518 JBOSS EAP/AS 5: REMOTE CODE EXECUTION SKEPTIVE JBoss Application Server (JBoss AS) is an open-source, cross-platform Java application se...
Read MoreA NEW TYPE OF MALWARE FOUND ON THE WILD CALLED SMALLB
Lorem ipsum dolor sit amet consectetur adipiscing elit sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.Duis aute irure dolor in repr...
Read More