friendlyjlee

Security Vulnerability in Infinite Design Android app

Oct 7th, 2019
# Title: Infinite Design - Cleartext Transmission of username and password
# Application: Infinite Design
# Version: 3.4.12
# Software Link: https://play.google.com/store/apps/details?id=com.brakefield.idfree
# Company: Infinite Studio Mobile
# Installs: 5,000,000+
# Impact: Anyone who can observe the network traffic can obtain a username and password.
# Category: Mobile Apps
# Tested on: Android 9

---Description---
Infinite Design, a popular art app with more than 5 million downloads, sends the username and password over TCP without any encryption during login. As a result, anyone who can observe the network traffic can obtain the username and password. This is critical, especially on mobile phones, because they are often used in insecure environments such as public WiFi.

---Vendor feedback---
After the report, the vendor quickly fixed this problem and released a new version.

---PoC---
1. Try to log in with the Infinite Design Android app.
- Go to Settings.
- Enter credentials. Fake information is enough to reproduce the issue.

2. Capture the network traffic with any packet-capture tool.
- The captured HTTP POST message contains the user's email and password.

Hypertext Transfer Protocol
POST /users/index.php HTTP/1.1\r\n
Content-Type: application/x-www-form-urlencoded\r\n
charset: utf-8\r\n
Content-Length: 63\r\n
User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; ...)\r\n
Host: www.seanbrakefield.com\r\n
Connection: Keep-Alive\r\n
Accept-Encoding: gzip\r\n
\r\n
[Full request URI: http://www.seanbrakefield.com/users/index.php]
[HTTP request 1/1]
[Response in frame: 662]
File Data: 63 bytes
HTML Form URL Encoded: application/x-www-form-urlencoded
Form item: "tag" = "login"
Form item: "email" = "jaeho.lee@rice.edu"
Form item: "password" = "MyPasswordIsHere!"


---Reporter---
Jaeho Lee (Jaeho.Lee@rice.edu)
Rice Computer Security Lab
Rice University