SecurityvulnsSECURITYVULNS:DOC:30824Bilyoner mobile apps prone to various SSL/TLS attacks
=====================================================================
Sceptive Security Advisory
Synopsis: Bilyoner mobile apps prone to various SSL/TLS attacks
Product: Various mobile applications
Advisory URL: http://sceptive.com/p/bilyoner-mobile-apps-prone-to-various-ssltls-attacks
Advisory number: CVE-2014-3750
Issue date: 2014-04-02
- Summary:
Bilyoner [1] is an online betting platform for various betting options on idda [2] , spor toto [3], milli piyango [4], tjk [5].
We have found that mobile apps vulnerable to SSL/TLS attacks which eventually lets attackers to gain sensitive information and hijack user sessions.
- Description:
On misconfigured network environments it is possible to redirect HTTPS packets over MITM tools for SSL sessions.
When we redirected our network on such a configuration we have observed that app sends/receives user data unecrypted.
REQUEST
{
"password": "333444",
"sessionId": "9331b4c44edf7c72f4963bc1799416bd071b5eb2aa049ad7ce968b06965f444e",
"username": "12312312"
}
And also session-id's are vulnerable for attackers to use on their own configurations to hijack other users' sessions. Such as;
RESPONSE
{
"bilyonerCookies": {
"JSESSIONID": "RQdFTcnPydRypLXc71kXhYjBtN5p5sGT31GN4hvRlsN8qTz2GQ2T!-1656694263",
"NSC_wtfswfs-ttm": "ffffffffc3a0840e45525d5f4f58455e445a4a423660"
},
"bilyonerSessionId": "C1yTTcnP2wSnwyV2gstRkhrsBh8dsqJfvCYBFHqTGvVwhZSYhsJM!-1656694263!1394403087638",
"sessionId": "9331b4c44edf7c72f4963bc1799416bd071b5eb2aa049ad7ce968b06965f444e"
}
- Solution:
For Android apps it's advised to upgrade 2.3.1. For IOS platforms 4.6.2 is availableβ¦
- Links:
[1] http://www.bilyoner.com/
[2] http://www.iddaa.com/
[3] https://www.sportoto.gov.tr/
[4] http://www.millipiyango.gov.tr/
[5] http://www.tjk.org/EN
- Contact:
Harun Esur <[email protected]>
Copyright 2014 Sceptive <http://sceptive.com>
=====================================================================
