[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] RENPHO iOS missing encryption and integrity check

Subject: [FD] RENPHO iOS missing encryption and integrity check
From: ProSec Security Team <security@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 8 Oct 2019 09:58:16 +0200

Hello together, 

we’ve found the following vulnerability below. 

Affected software: RENPHO V3.0.0 (iOS App)
Vulnerability type: Missing Encryption and Integrity Check of Sensitive Data
Vulnerable version: Renpho Mobile Application V3.0.0 for iOS
Vulnerable component: Client app, transmitting data to server backend
Vendor report confidence: Unconfirmed
Fixed version: -
Vendor notification: 13/08/19
Solution date:
CVE reference: CVE-2019-14808
CVSSv3 Score: 6.8  AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Researcher Credits: Tim Schughart, Christian Horn
Communication Timeline: 
13th August 2019 Initial contact - no response
26th September second contact attempt - no response 
08th October fulldisclosure 

Vulnerability Details:
The client application (mobile app for iOS) transmits data unencrypted
to an server in JSON without integrity check, if an user changes
personal data in his profile tab oder logs hisself in his account.

Proof of concept:
Caputre traffice via proxy or MITM attack, while user logs in or changes his 
user profile. You are able to catch session id for cloning, password in 
cleartext oder change data on the fly, because of an missing integrity check. 


Best regards / Mit freundlichen Grüßen 

Dr. h.c. Tim Schughart 
CEO / Geschäftsführer  

--
ProSec GmbH
Robert-Koch-Straße 1-9
56751 Polch 

Website: https://www.prosec-networks.com 
E-Mail: info@xxxxxxxxxxxxxxxxxxx 
Phone: +49 (0)261 450 930 90

Sitz der Gesellschaft / Company domiciled in: Polch
Registergericht / registry Court: Amtsgericht Koblenz, HRB 26457
Geschäftsführer: Tim Schughart
UST-IdNr./ VAT ID: DE321817516


"This E-Mail communication may contain CONFIDENTIAL, PRIVILEGED and/or LEGALLY 
PROTECTED information and is intended only for the named recipient(s). Any 
unauthorized use, dissemination, copying or forwarding is strictly prohibited. 
If you are not the intended recipient and have received this email 
communication in error, please notify the sender immediately, delete it and 
destroy all copies of this E-Mail.

"Diese E-Mail Mitteilung kann VERTRAULICHE, dem BERUFSGEHEIMNIS UNTERLIEGENDE 
und/oder RECHTLICH GESCHÜTZTE Informationen enthalten und ist ausschließlich 
für den/die genannten Adressaten bestimmt. Jede unbefugte Nutzung, Weitergabe, 
Vervielfältigung oder Versendung ist strengstens verboten. Sollten Sie nicht 
der angegebene Adressat sein und diese E-Mail Mitteilung irrtümlich erhalten 
haben, informieren Sie bitte sofort den Absender, löschen diese E-Mail und 
vernichten alle Kopien. 

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] APPLE-SA-2019-10-07-4 iCloud for Windows 7.14
Next by Date: [FD] [KIS-2019-03] SugarCRM <= 9.0.1 Multiple Reflected Cross-Site Scripting Vulnerabilities
Previous by thread: [FD] APPLE-SA-2019-10-07-4 iCloud for Windows 7.14
Next by thread: [FD] [KIS-2019-03] SugarCRM <= 9.0.1 Multiple Reflected Cross-Site Scripting Vulnerabilities
Index(es):
- Date
- Thread