what you don't know can hurt you

RENPHO 3.0.0 Information Disclosure

RENPHO 3.0.0 Information Disclosure
Posted Oct 8, 2019
Authored by Tim Schughart

RENPHO version 3.0.0 fails to encrypt in transit and due to this can disclose sensitive information and allow for man-in-the-middle attacks.

tags | exploit, info disclosure
advisories | CVE-2019-14808
MD5 | bc35356cc7c7d02cc8b258cca567f527

RENPHO 3.0.0 Information Disclosure

Change Mirror Download
Hello together, 

we’ve found the following vulnerability below.

Affected software: RENPHO V3.0.0 (iOS App)
Vulnerability type: Missing Encryption and Integrity Check of Sensitive Data
Vulnerable version: Renpho Mobile Application V3.0.0 for iOS
Vulnerable component: Client app, transmitting data to server backend
Vendor report confidence: Unconfirmed
Fixed version: -
Vendor notification: 13/08/19
Solution date:
CVE reference: CVE-2019-14808
CVSSv3 Score: 6.8 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Researcher Credits: Tim Schughart, Christian Horn
Communication Timeline:
13th August 2019 Initial contact - no response
26th September second contact attempt - no response
08th October fulldisclosure

Vulnerability Details:
The client application (mobile app for iOS) transmits data unencrypted
to an server in JSON without integrity check, if an user changes
personal data in his profile tab oder logs hisself in his account.

Proof of concept:
Caputre traffice via proxy or MITM attack, while user logs in or changes his user profile. You are able to catch session id for cloning, password in cleartext oder change data on the fly, because of an missing integrity check.


Best regards / Mit freundlichen Grüßen

Dr. h.c. Tim Schughart
CEO / Geschäftsführer

--
ProSec GmbH
Robert-Koch-Straße 1-9
56751 Polch

Website: https://www.prosec-networks.com
E-Mail: info@prosec.networks.com
Phone: +49 (0)261 450 930 90

Sitz der Gesellschaft / Company domiciled in: Polch
Registergericht / registry Court: Amtsgericht Koblenz, HRB 26457
Geschäftsführer: Tim Schughart
UST-IdNr./ VAT ID: DE321817516


"This E-Mail communication may contain CONFIDENTIAL, PRIVILEGED and/or LEGALLY PROTECTED information and is intended only for the named recipient(s). Any unauthorized use, dissemination, copying or forwarding is strictly prohibited. If you are not the intended recipient and have received this email communication in error, please notify the sender immediately, delete it and destroy all copies of this E-Mail.

"Diese E-Mail Mitteilung kann VERTRAULICHE, dem BERUFSGEHEIMNIS UNTERLIEGENDE und/oder RECHTLICH GESCHÜTZTE Informationen enthalten und ist ausschließlich für den/die genannten Adressaten bestimmt. Jede unbefugte Nutzung, Weitergabe, Vervielfältigung oder Versendung ist strengstens verboten. Sollten Sie nicht der angegebene Adressat sein und diese E-Mail Mitteilung irrtümlich erhalten haben, informieren Sie bitte sofort den Absender, löschen diese E-Mail und vernichten alle Kopien.


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

November 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    28 Files
  • 2
    Nov 2nd
    1 Files
  • 3
    Nov 3rd
    1 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    19 Files
  • 6
    Nov 6th
    65 Files
  • 7
    Nov 7th
    22 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    1 Files
  • 10
    Nov 10th
    1 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    65 Files
  • 13
    Nov 13th
    27 Files
  • 14
    Nov 14th
    22 Files
  • 15
    Nov 15th
    18 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close