Due to a lack of certificate validation, all traffic from the mobile application can be intercepted. As a result, an adversary located "upstream" can decrypt the TLS traffic, inspect its contents, and modify the requests in transit. This may result in a total compromise of the user's account if the attacker intercepts a request with active authentication tokens or cracks the MD5 hash sent on login.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NMeatmeet
APPMeatmeet1.1.2.0
Related vulnerabilities
Ujawnienie informacji o nieopublikowanych urządzeniach w aplikacji Meatmeet Android
Hardcoded credentials w aplikacji mobilnej Meatmeet
Meatmeet – transmisja danych w czystym tekście (HTTP), przechwycenie tokenów uwierzytelniania
The application uses an insecure hashing algorithm (MD5) to hash passwords. If an attacker obtained a copy of ...
The mobile application insecurely handles information stored within memory. By performing a memory dump on the...