Lucene search
Hackapp.orgHACKAPP:AIR.COM.HASBRO.TABUAPPSTORE.APKHistoryApr 01, 2016 - 9:47 a.m.
Tabu Buzzer App - AWS Credentials, Dangerous filesystem permissions, Insecure KeyStore vulnerabilities
2016-04-0109:47:35
Hackapp.org
hackapp.com
7
HackApp vulnerability scanner discovered that application Tabu Buzzer App published at the βplayβ market has multiple vulnerabilities.
Name
Tabu Buzzer AppVendor
Hasbro Inc.Link
AIR.COM.HASBRO.TABUAPPSTORE.APKStore
playVersion
1.0.0- NOTICE
- Suspicious files
Are you sure these files should be here?
- Possible privilege escalation
This app is looking for root tools.
- External URLs
Where do they point?
- Unsafe deleting
All items deleted with 'file.delete()' could be recovered.
- CRITICAL
- Dangerous filesystem permissions
Files created with these methods could be worldwide readable.
- Insecure KeyStore
The app uses Android KeyStore subsystem with hardcoded authentication.
- AWS Credentials
Everyone can use it to access your resources.
- MEDIUM
- Dynamic Code Loading
Code for 'DexClassLoader' could be tampered.
- SD-card access
SD-cards and other external storages have 'worldwide read' policy.
- WebView JavaScript enabled
WebView 'setJavaScriptEnabled(true)' could be exploited during cross-site scripting attacks.
- WebView files access
Control of WebView context allows to access local files.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tabu buzzer app | le | 1.0.0 |