SecurityHome.eu Security vulnerability: QuickAuth Pebble Man-In-The-Middle

Home / vulnerabilities PDF

QuickAuth Pebble Man-In-The-Middle
Posted on 21 January 2016
Source : packetstormsecurity.org Link

QuickAuth Pebble application loads the configuration page via HTTP. As such it is possible for an attacker to setup and use a MITM proxy to inject Javascript which posts the key to an external site to steal the TOTP keys as they are being updated on the Pebble app.

Original GitHub issue : https://github.com/JumpMaster/QuickAuth/issues/25

TOP

Malware :

None in database

Last 20

Exploits :

Customer Support System 1.0 Cross Site Scripting
Xhibiter NFT Marketplace 1.10.2 SQL Injection
WordPress WPCode Lite 2.1.14 Cross Site Scripting
Azon Dominator Affiliate Marketing Script SQL Injection
Simple Laboratory Management System 1.0 SQL Injection

Last 20