CVE-2014-3750 BILYONER MOBILE APPS PRONE TO VARIOUS SSL/TLS ATTACKS
SKEPTIVE
Bilyoner is an online betting platform for various betting options on İddaa, Spor Toto, Milli Piyango and TJK.
We have found that the Bilyoner mobile apps are vulnerable to SSL/TLS man-in-the-middle attacks, which let an attacker obtain sensitive information and hijack user sessions.
On a misconfigured or attacker-controlled network, the app's HTTPS traffic can be redirected through a MITM proxy that terminates the TLS session with its own certificate.
When we redirected our own network traffic in such a configuration, we observed that the app completed the handshake with the proxy, so user data, including the login credentials and session identifiers shown below, was readable in cleartext on the proxy.
REQUEST
{
  "password": "333444",
  "sessionId": "9331b4c44edf7c72f4963bc1799416bd071b5eb2aa049ad7ce968b06965f444e",
  "username": "12312312"
}
The session identifiers returned by the server are also reusable: an attacker who captures them can present them from their own device to hijack the victim's session. For example:
RESPONSE
{
  "bilyonerCookies": {
    "JSESSIONID": "RQdFTcnPydRypLXc71kXhYjBtN5p5sGT31GN4hvRlsN8qTz2GQ2T!-1656694263",
    "NSC_wtfswfs-ttm": "ffffffffc3a0840e45525d5f4f58455e445a4a423660"
  },
  "bilyonerSessionId": "C1yTTcnP2wSnwyV2gstRkhrsBh8dsqJfvCYBFHqTGvVwhZSYhsJM!-1656694263!1394403087638",
  "sessionId": "9331b4c44edf7c72f4963bc1799416bd071b5eb2aa049ad7ce968b06965f444e"
}
Android app versions 2.1.1 and below are affected; iOS versions below 4.6.2 are vulnerable.
Android users are advised to upgrade to 2.3.1; for iOS, version 4.6.2 is available.