logo

MEMCACHED < 1.4.17 SASL AUTHENTICATION BYPASS

Bilyoner is an online betting platform for various betting options on idda , spor totomilli piyangotjk.

We have found that mobile apps vulnerable to SSL/TLS attacks which eventually lets attackers to gain sensitive information and hijack user sessions.

Description

On misconfigured network environments it is possible to redirect HTTPS packets over MITM tools for SSL sessions.

When we redirected our network on such a configuration we have observed that app sends/receives user data unecrypted.

REQUEST

{
    "password": "333444",
    "sessionId": "9331b4c44edf7c72f4963bc1799416bd071b5eb2aa049ad7ce968b06965f444e",
    "username": "12312312"
}

And also session-id’s are vulnerable for attackers to use on their own configurations to hijack other users’ sessions. Such as;

RESPONSE

{
    "bilyonerCookies": {                                                                                                   
        "JSESSIONID": "RQdFTcnPydRypLXc71kXhYjBtN5p5sGT31GN4hvRlsN8qTz2GQ2T!-1656694263",        "NSC_wtfswfs-ttm": "ffffffffc3a0840e45525d5f4f58455e445a4a423660"
    },                                                                                                                     
    "bilyonerSessionId": "C1yTTcnP2wSnwyV2gstRkhrsBh8dsqJfvCYBFHqTGvVwhZSYhsJM!-1656694263!1394403087638",
    "sessionId": "9331b4c44edf7c72f4963bc1799416bd071b5eb2aa049ad7ce968b06965f444e"
}

Affected Versions

Android apps 2.1.1 and below are affected. For IOS platforms below 4.6.2 are vulnerable.

Fixes

For Android apps it’s advised to upgrade 2.3.1. For IOS platforms 4.6.2 is available.

  • by talip

A NEW TYPE OF MALWARE FOUND ON THE WILD CALLED SMALLB

Sceptive has found a new brand of malware called SmallB during an incident investigation. After initial analysis, we have detected C&C servers for the malware but could not find any major clue about whereabouts or origins of the attackers.

Read More