Bilyoner mobile apps prone to various SSL/TLS attacks
=====================================================================
Sceptive Security Advisory

Synopsis:         Bilyoner mobile apps prone to various SSL/TLS attacks
Product:          Various mobile applications
Advisory URL:     http://sceptive.com/p/bilyoner-mobile-apps-prone-to-various-ssltls-attacks
Advisory number:  CVE-2014-3750
Issue date:       2014-04-02
=====================================================================

1. Summary:

Bilyoner [1] is an online betting platform offering betting options on iddaa [2], spor toto [3], milli piyango [4] and tjk [5]. We have found that the mobile apps are vulnerable to SSL/TLS attacks, which let attackers gain sensitive information and hijack user sessions.

2. Description:

In misconfigured network environments it is possible to redirect HTTPS traffic through MITM tools for SSL sessions. When we redirected our network traffic in such a configuration, we observed that the app sends and receives user data unencrypted.

REQUEST
{
    password: 333444,
    sessionId: 9331b4c44edf7c72f4963bc1799416bd071b5eb2aa049ad7ce968b06965f444e,
    username: 12312312
}

The session IDs are also exposed, and attackers can use them in their own configurations to hijack other users' sessions. For example:

RESPONSE
{
    bilyonerCookies: {
        JSESSIONID: RQdFTcnPydRypLXc71kXhYjBtN5p5sGT31GN4hvRlsN8qTz2GQ2T!-1656694263,
        NSC_wtfswfs-ttm: c3a0840e45525d5f4f58455e445a4a423660
    },
    bilyonerSessionId: C1yTTcnP2wSnwyV2gstRkhrsBh8dsqJfvCYBFHqTGvVwhZSYhsJM!-1656694263!1394403087638,
    sessionId: 9331b4c44edf7c72f4963bc1799416bd071b5eb2aa049ad7ce968b06965f444e
}

3. Solution:

For Android apps it is advised to upgrade to 2.3.1. For iOS platforms 4.6.2 is available.

4. Links:

[1] http://www.bilyoner.com/
[2] http://www.iddaa.com/
[3] https://www.sportoto.gov.tr/
[4] http://www.millipiyango.gov.tr/
[5] http://www.tjk.org/EN

5. Contact:

Harun Esur
harun.e...@sceptive.com

Copyright 2014 Sceptive
http://sceptive.com
=====================================================================

Misli.com Android App SSL certificate validation weakness
Title: Misli.com Android App SSL certificate validation weakness
Advisory URL: http://sceptive.com/p/mislicom-android-app-ssl-certificate-validation-weakness-

== Overview

Misli.com is an online betting website that also provides an Android app to make betting easier for its members. We have found that the Android app is vulnerable to SSL MITM attacks (http://en.wikipedia.org/wiki/Man-in-the-middle_attack), which let attackers capture user names and passwords and hijack the sessions of app users.

== Description

In misconfigured network environments it is possible to redirect HTTPS traffic through MITM tools for SSL sessions. When we redirected our network traffic in such a configuration, we observed that the app sends and receives user data unencrypted.

REQUEST
{
    login: a...@abc.com,
    password: 123456,
    sessionid: 5e8c1de7-229a-49cf-a6aa-30fa9be9c41d
}

The session IDs are also exposed, and attackers can use them in their own configurations to hijack other users' sessions.

== Affected Versions

The app does not state a version number, so we provide the MD5 hash of the vulnerable APK:

MD5 (android.apk) = 35bb423c18e7269922d9610ef050b7ae

== Fixes

No known fixes have been released yet.

Birebin.com Android App SSL certificate validation weakness
Title: Birebin.com Android App SSL certificate validation weakness
Advisory URL: http://sceptive.com/p/birebincom-android-app-ssl-certificate-validation-weakness-

== Overview

Birebin.com is an online betting website that also provides an Android app to make betting easier for its members. We have found that the Android app is vulnerable to SSL MITM attacks (http://en.wikipedia.org/wiki/Man-in-the-middle_attack), which let attackers capture user names and passwords and hijack the sessions of app users.

== Description

In misconfigured network environments it is possible to redirect HTTPS traffic through MITM tools for SSL sessions. When we redirected our network traffic in such a configuration, we observed that the app sends and receives user data unencrypted.

REQUEST
{
    Password: 123456,
    UserName: a...@abc.com
}

The Token value, which is used for session awareness, is also exposed, and attackers can use it in their own configurations to hijack other users' sessions.

== Affected Version(s)

The app does not state a version number, so we provide the MD5 hash of the vulnerable APK:

MD5 (birebin-android-latest.apk) = 60bea6a1694b1ffc87c4dc3f2ba6a8be

== Fixes

No known fixes have been released yet.
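
All three advisories describe apps that kept exchanging credentials through a MITM tool, which on Android usually traces back to code that overrides the platform's certificate or hostname checks. The Python audit script below is an added example, not part of the advisories or of any vendor's code; it flags such overrides in Java sources before release. The rule set and both Java samples are constructed, and the advisories do not say which pattern the apps actually contained.

```python
import re
# Rules for code that switches off TLS server-certificate checks in Java/Android
# sources. Assumption: the advisories do not say which of these the apps used.
RULES = {
    "empty-checkServerTrusted": re.compile(
        r"void\s+checkServerTrusted\s*\([^)]*\)\s*(?:throws\s+[\w.,\s]+?)?\{\s*\}"),
    "hostname-verifier-always-true": re.compile(
        r"boolean\s+verify\s*\(\s*String\s+\w+\s*,\s*SSLSession\s+\w+\s*\)"
        r"\s*\{\s*return\s+true\s*;\s*\}"),
    "allow-all-hostname-verifier": re.compile(r"\bALLOW_ALL_HOSTNAME_VERIFIER\b"),
    "webview-ssl-error-proceed": re.compile(
        r"onReceivedSslError\s*\([^)]*\)\s*\{[^}]*\.proceed\s*\(\s*\)"),
}
# String literals are matched first so a "//" inside a URL is not taken for a comment.
_TOKEN = re.compile(r'"(?:\\.|[^"\\\n])*"|/\*.*?\*/|//[^\n]*', re.S)

def strip_comments(source):
    """Blank out comments but keep newlines, so reported line numbers stay right."""
    def repl(m):
        text = m.group(0)
        return text if text.startswith('"') else " " + "\n" * text.count("\n")
    return _TOKEN.sub(repl, source)

def scan(source):
    """Return sorted (line, rule) pairs for every permissive pattern found."""
    clean = strip_comments(source)
    return sorted((clean.count("\n", 0, m.start()) + 1, name)
                  for name, rx in RULES.items() for m in rx.finditer(clean))

# Constructed samples, not code taken from any of the apps.
VULNERABLE = '''class TrustAll implements X509TrustManager {
    public void checkClientTrusted(X509Certificate[] c, String a) {}
    public void checkServerTrusted(X509Certificate[] c, String a)
            throws CertificateException {
        // accept everything
    }
    public X509Certificate[] getAcceptedIssuers() { return null; }
}
HostnameVerifier hv = new HostnameVerifier() {
    public boolean verify(String host, SSLSession s) { return true; }
};
'''
HARDENED = '''// removed: f.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
URL url = new URL("https://api.example.invalid/login");
HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
'''

if __name__ == "__main__":
    print(scan(VULNERABLE), scan(HARDENED))
```

A clean result only means none of these textual patterns is present; running the built app through an intercepting proxy with an untrusted certificate, as the advisories did, remains the conclusive check.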