[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

QuickAuth - Google Authenticator Pebble app vulnerable to MITM attack when configuring TOTP keys

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: QuickAuth - Google Authenticator Pebble app vulnerable to MITM attack when configuring TOTP keys
From: issues@xxxxxxxxxx
Date: Wed, 20 Jan 2016 10:32:17 GMT

QuickAuth Pebble application loads the configuration page via HTTP. As such it 
is possible for an attacker to setup and use a MITM proxy to inject Javascript 
which posts the key to an external site to steal the TOTP keys as they are 
being updated on the Pebble app.

Original GitHub issue : https://github.com/JumpMaster/QuickAuth/issues/25

Prev by Date: Re: [CVE-2016-1919] Weak eCryptFS Key generation from user password on KNOX 1.0 / Android 4.3
Next by Date: Oracle HtmlConverter.exe Buffer Overflow
Previous by thread: Cisco Security Advisory: Cisco Modular Encoding Platform D9036 Software Default Credentials Vulnerability
Next by thread: Oracle HtmlConverter.exe Buffer Overflow
Index(es):
- Date
- Thread