ID HACKAPP:COM.TASOFT.TAS24.APK
Type hackapp
Reporter Hackapp.org
Modified 2017-06-17T23:47:45
Description
HackApp vulnerability scanner discovered that application Tas24 published at the 'play' market has multiple vulnerabilities.
{"id": "HACKAPP:COM.TASOFT.TAS24.APK", "bulletinFamily": "software", "title": "Tas24 - Customized SSL, Redefined SSL Common Names verifier vulnerabilities", "description": "HackApp vulnerability scanner discovered that application Tas24 published at the 'play' market has multiple vulnerabilities.", "published": "2017-06-17T23:47:45", "modified": "2017-06-17T23:47:45", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://hackapp.com/report/37d48201c0c15602c55b9152fffa01b5", "reporter": "Hackapp.org", "references": ["https://play.google.com/store/apps/details?id=com.tasoft.tas24&hl=en"], "cvelist": [], "type": "hackapp", "lastseen": "2018-08-02T15:59:08", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "79d8819f2c3bdbc28a7e644b69e2dab8"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "9d53ca6e312a59b7c243829049d2bc1a"}, {"key": "hackapp", "hash": "9b5d8e127f5046a1f5dfaee44acfa26d"}, {"key": "href", "hash": "617cbf8413696eefb9099a22f5275719"}, {"key": "modified", "hash": "bc08db168201754f71f22b2609d3f76f"}, {"key": "published", "hash": "bc08db168201754f71f22b2609d3f76f"}, {"key": "references", "hash": "8a6b509fc8682800ea28803036544760"}, {"key": "reporter", "hash": "3b012aae1848bb95fe11f3cebae83cb0"}, {"key": "title", "hash": "e96f748bff9cc4d068edacf1a763fa9b"}, {"key": "type", "hash": "96e87ef1fcc8d9d3cdd337488987c423"}], "hash": "0351357591ccd5bfb101281e561ea300812e0dbec9b8301dd6d62f1c5cdf3c0f", "viewCount": 0, "enchantments": {"score": {"value": 5.0, "vector": "NONE", "modified": "2018-08-02T15:59:08"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "affectedSoftware": [{"name": "Tas24", "operator": "le", "version": "1.0.7"}], "hackapp": {"apk": "COM.TASOFT.TAS24.APK", "bugs": [{"description": "This app uses self defined certificate verifier. If it is not properly configured it could allow attackers to do MITM attacks with their valid certificate without your knowledge.", "id": "f26dfa241879cfb5a1e229f2457bf9cc", "name": "Redefined SSL Common Names verifier", "severity": "critical"}, {"description": "\n\t\t\tCheck certificate validation. Do not create or redefine X509Certificate class methods by yourself, if you don't understand risks. Use the existing API.\n\t\t\t", "id": "254cd3f2c6524de34556607a4bb9bbc0", "name": "Customized SSL", "severity": "critical"}, {"description": "Are you sure these files should be here?", "id": "753c354e2164753154749128b88ca47b", "name": "Suspicious files", "severity": "notice"}, {"description": "Where do they point?", "id": "27cf0cfd9e528bc4ea7628e3409f5a41", "name": "External URLs", "severity": "notice"}], "icon": "http://lh3.googleusercontent.com/kM1XfJdLY3LYFscGJxrJLGOd6qJxucA4edKdUYom23DUBp4jP1D8QCHS8dGSJM_cOXc=w300", "link": "https://play.google.com/store/apps/details?id=com.tasoft.tas24&hl=en", "name": "Tas24", "release": "2017-05-29T00:00:00", "store": "play", "vendor": "TASCOMBANK", "version": "1.0.7"}}
{}
