Critical vulnerability to Etsy iPhone app


iphone 5

Attack-Secure Mohamed Ramadan, after an attack on the middle attack on the iPhone, discovered a critical vulnerability that allows attackers on the same network to watch it and intercept data (including the user's password), invisibly without any warning from the application.

Having downloaded and installed the latest version of 2.2, on its own iPhone 4S with iOS 6 and ipad, while using the Burp Suite proxy 1.5 on the 8080 door with the firewall turned off by using the manual proxy, it was able to bypass the user name and password in plain text (unencrypted).

The issue has already been mentioned in the Etsy Security Team, which for its part confirmed the vulnerability. Mohamed was awarded 750 dollars for his discovery.

Secnews.gr

Registration in iGuRu.gr via Email

Enter your email to subscribe to the email notification service for new posts.


Read them Technology News from all over the world, with the validity of iGuRu.gr

Follow us on Google News iGuRu.gr at Google news