
Comments on the article

AndroBugs | 81.17.27.* | 11.2.2019 18:36
This is the IP address of google.com and still an invalid certificate, plus [link] :D

+ other critical bugs found in the ch.protonmail.android app for Android.


[Critical] <SSL_Security> SSL Implementation Checking (Verifying Host Name in Custom Classes) (Vector ID: SSL_CN1):
This app allows Self-defined HOSTNAME VERIFIER to accept all Common Names(CN).
This is a critical vulnerability and allows attackers to do MITM attacks with his valid certificate without your knowledge.
Case example:
(1)[link]
(2)[link]
(3)[link]
Also check Google doc: [link] (Caution: Replacing HostnameVerifier can be very dangerous).
OWASP Mobile Top 10 doc: [link]
Check this book to see how to solve this issue: [link]

To see the importance of Common Name (CN) verification, use Google Chrome to navigate to:
- [link] => SSL certificate is valid
- [link] => This is the IP address of google.com, but the CN does not match, making the certificate invalid. You can still go to Google.com, but now you cannot distinguish attackers from normal users.

Please check the code inside these methods:
Lio/sentry/d/h$1;->verify(Ljava/lang/String; Ljavax/net/ssl/SSLSession;)Z
[Critical] <SSL_Security> SSL Connection Checking (Vector ID: SSL_URLS_NOT_IN_HTTPS):
URLs that are NOT under SSL (Total:1):
[link]
=> Lch/protonmail/android/utils/q;->a(Landroid/app/Activity; Landroid/content/DialogInterface; I)V
[Critical] <WebView><Remote Code Execution><#CVE-2013-4710#> WebView RCE Vulnerability Checking (Vector ID: WEBVIEW_RCE):
Found a critical WebView "addJavascriptInterface" vulnerability. This method can be used to allow JavaScript to control the host
application.
This is a powerful feature, but also presents a security risk for applications targeted to API level JELLY_BEAN(4.2) or below,
because JavaScript could use reflection to access an injected object's public fields. Use of this method in a WebView containing
untrusted content could allow an attacker to manipulate the host application in unintended ways, executing Java code with the
permissions of the host application.
Reference:
1. "[link](java.lang.Object, java.lang.String)"
2. [link]
3. [link]
4. [link]
Please modify the below code:
=> Lch/protonmail/android/activities/fragments/BillingFragment;->onCreateView(Landroid/view/LayoutInflater; Landroid/view/ViewGroup; Landroid/os/Bundle;)Landroid/view/View; (0x118) ---> Landroid/webkit/WebView;->addJavascriptInterface(Ljava/lang/Object; Ljava/lang/String;)V
=> Lch/protonmail/android/activities/fragments/HumanVerificationCaptchaDialogFragment;->onCreateView(Landroid/view/LayoutInflater; Landroid/view/ViewGroup; Landroid/os/Bundle;)Landroid/view/View; (0x30) ---> Landroid/webkit/WebView;->addJavascriptInterface(Ljava/lang/Object; Ljava/lang/String;)V
=> Lch/protonmail/android/activities/fragments/HumanVerificationCaptchaFragment;->onCreateView(Landroid/view/LayoutInflater; Landroid/view/ViewGroup; Landroid/os/Bundle;)Landroid/view/View; (0x30) ---> Landroid/webkit/WebView;->addJavascriptInterface(Ljava/lang/Object; Ljava/lang/String;)V
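The two findings above (a HostnameVerifier that accepts every Common Name, and addJavascriptInterface on a WebView) are the typical shape of what this scanner reports. The Android Java below is an added example written for this page; it is not code from the comment, from AndroBugs, or from the ProtonMail app. It puts the weak verifier pattern beside a hardened one that delegates to the platform verifier and additionally checks the expected host name, and shows a WebView bridge that only exposes methods explicitly marked @JavascriptInterface on API 17 and above. The class names, the expected host "api.example.invalid", and the bridge object name are assumptions for the illustration.

```java
import android.os.Build;
import android.webkit.JavascriptInterface;
import android.webkit.WebView;

import java.io.IOException;
import java.net.URL;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;

// Added example (not the app's or the scanner's code).
public final class TlsAndWebViewHardening {

    // The pattern the SSL_CN1 finding refers to: any certificate that chains
    // correctly is accepted for any host, so an attacker holding a valid
    // certificate for some other name can sit in the middle unnoticed.
    static final HostnameVerifier ACCEPT_ALL_CN = new HostnameVerifier() {
        @Override
        public boolean verify(String hostname, SSLSession session) {
            return true; // never do this
        }
    };

    // Hardened: keep the platform's RFC 6125 host-name matching and, on top,
    // refuse to talk to anything but the host the app expects. An IP-address
    // URL for a server whose certificate names "google.com" fails here twice:
    // the expected-host check and the platform CN/SAN match both reject it.
    static HostnameVerifier strictVerifierFor(final String expectedHost) {
        final HostnameVerifier platform = HttpsURLConnection.getDefaultHostnameVerifier();
        return new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                return expectedHost.equalsIgnoreCase(hostname)
                        && platform.verify(hostname, session);
            }
        };
    }

    // Assumed API host; only HTTPS URLs are opened (SSL_URLS_NOT_IN_HTTPS).
    static final String EXPECTED_HOST = "api.example.invalid";

    static int fetchStatus(String httpsUrl) throws IOException {
        URL url = new URL(httpsUrl);
        if (!"https".equals(url.getProtocol())) {
            throw new IllegalArgumentException("plain HTTP is not allowed: " + httpsUrl);
        }
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setHostnameVerifier(strictVerifierFor(EXPECTED_HOST));
        conn.setRequestMethod("GET");
        return conn.getResponseCode();
    }

    // WebView bridge: on API 17+ only methods annotated @JavascriptInterface are
    // reachable from page JavaScript, which closes the reflection path that
    // CVE-2013-4710 describes for API 16 and below.
    static final class CaptchaBridge {
        @JavascriptInterface
        public void onCaptchaSolved(String token) {
            // hand the token to the app's verification flow (assumed)
        }
        // Not annotated: invisible to JavaScript on API 17+.
        public void internalHelper() { }
    }

    static void attachBridge(WebView webView) {
        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.JELLY_BEAN_MR1) {
            // Pre-4.2 devices: do not expose a Java object at all.
            return;
        }
        webView.getSettings().setJavaScriptEnabled(true);
        webView.addJavascriptInterface(new CaptchaBridge(), "CaptchaBridge");
    }
}
```

Where the app has no reason to override hostname verification at all, the right fix is to delete the custom verifier rather than to harden it; strictVerifierFor is for the case where a single backend host is known in advance. For the WebView, the API-level guard matters because the @JavascriptInterface restriction is only enforced when the app targets API 17 or higher.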
