The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user's authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access the user's account.
References
Link | Resource |
---|---|
https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/ | Exploit Third Party Advisory |
https://www.kb.cert.org/vuls/id/402847 | Third Party Advisory US Government Resource |
https://www.securityfocus.com/bid/93877 | Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: certcc
Published: 2018-07-13T20:00:00
Updated: 2018-07-13T19:57:01
Reserved: 2016-08-03T00:00:00
Link: CVE-2016-6548
JSON object: View
NVD Information
Status : Modified
Published: 2018-07-13T20:29:00.503
Modified: 2019-10-09T23:19:14.237
Link: CVE-2016-6548
JSON object: View
Redhat Information
No data.
CWE