Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
hackappHackapp.orgHACKAPP:DE.RESOLUTION.YF_ANDROID.APK
HistoryApr 01, 2016 - 8:56 a.m.

Your Freedom VPN Client - Certificates or keys found, Customized SSL, Exported components vulnerabilities

2016-04-0108:56:03
Hackapp.org
hackapp.com
191
JSON

HackApp vulnerability scanner discovered that application Your Freedom VPN Client published at the β€˜play’ market has multiple vulnerabilities.

Name

Your Freedom VPN Client

Vendor

resolution Reichert Network Solutions GmbH

Link

DE.RESOLUTION.YF_ANDROID.APK

Store

play

Version

20160224-02
  • NOTICE
  • External URLs

    Were do they point?

  • Possible privilege escalation

    This app is looking for root tools.

  • Unsafe deleting

    All items deleted with 'file.delete()' could be recovered.

  • KeyStore usage

    The app uses Android KeyStore subsystem.

  • Suspicious files

    Are you sure these files should be here?

  • Native code usage

    Native code (.so) usage 'System.loadLibrary();' is found.

  • MEDIUM
  • SD-card access

    SD-cards and other external storages have 'worldwide read' policy.

  • Certificates or keys found

    These credentials could be used for authentication.

  • Exported components

    Other applications could access the interfaces.

  • Runtime command execution

    Function 'Runtime.getRuntime().exec()' is used, please check where variables are come from.

  • CRITICAL
  • Customized SSL

    Check certificate validation. Do not create or redefine X509Certificate class methods by yourself, if you don't understand risks. Use the existing API.

CPENameOperatorVersion
your freedom vpn clientle20160224-02
JSON