1. Contracting
    1. General
      1. Brexit
    2. Business / Contracts
      1. Coronavirus Assistance
    3. Accounting / Legal
      1. Umbrella Companies
      2. HMRC Scheme Enquiries
      3. The Future of Contracting
      4. IR35 Reform
    4. Technical
    5. Welcome / FAQs
  2. Social
    1. Light Relief
    2. Social / Events
  • Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
  • Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

Reply to: Major Password vulnerability in multiple Android and iOS apps.

Collapse

You are not logged in or you do not have permission to access this page. This could be due to one of several reasons:

  • You are not logged in. If you are already registered, fill in the form below to log in, or follow the "Sign Up" link to register a new account.
  • You may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
  • If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.

Previously on "Major Password vulnerability in multiple Android and iOS apps."

Collapse
  • DaveB
    replied
    Originally posted by NickFitz View Post
    These appear to be vulnerabilities in the HTTP APIs, not in the apps at all. The apps are just client software that uses the relevant HTTP endpoint.
    Yes, as per the original post, the apps are making use of vulnerable web services. The net effect is still that passwords used by or with the apps are vulnerable to brute force attacks without the app owners knowledge.

    Leave a comment:

  • NickFitz
    replied
    These appear to be vulnerabilities in the HTTP APIs, not in the apps at all. The apps are just client software that uses the relevant HTTP endpoint.

    Leave a comment:

  • xoggoth
    replied
    Had one on my Android tablet. A file manager.

    PS That android Appbugs Security Scan logo looks amazingly similar to my android app, also about bugs. With a bit of luck people will get mixed up and install mine by mistake.

    https://play.google.com/store/apps/d...com.appbugs.ui

    https://play.google.com/store/apps/d....ISee.LandBugs
    Last edited by xoggoth; 28 July 2015, 08:35.

    Leave a comment:

  • TheFaQQer
    replied
    3 Apps found 2 more OK

    Leave a comment:

  • DaveB
    started a topic Major Password vulnerability in multiple Android and iOS apps.

    Major Password vulnerability in multiple Android and iOS apps.

    Time to check your apps. Not specific to Andoid or iOS, just specific to sloppy development.

    https://appbugs.co/html/bugs_categor...ord_bruteforce

    AppBugs found 53 mobile apps (Android and iOS, approximately 600 million users impacted) have the password brute force issues in their web services and attackers can exploit the holes immediately to steal users passwords.
    Tags: None

Advertisers

  1. Contracting
    1. General
      1. Brexit
    2. Business / Contracts
      1. Coronavirus Assistance
    3. Accounting / Legal
      1. Umbrella Companies
      2. HMRC Scheme Enquiries
      3. The Future of Contracting
      4. IR35 Reform
    4. Technical
    5. Welcome / FAQs
  2. Social
    1. Light Relief
    2. Social / Events
Working...
X