{"published": "2016-04-01T09:32:30", "id": "HACKAPP:DE.VOLKSWAGEN.ACCESSORIES.RACEAPP.APK", "cvss": {"score": 0.0, "vector": "NONE"}, "history": [], "enchantments": {"vulnersScore": 5.0}, "hash": "7ec1c989062aa23a534ae7c8eb8dfa47dda04c8cec2a3eac4051e3cfce24ad62", "description": "HackApp vulnerability scanner discovered that application Volkswagen RaceApp published at the 'play' market has multiple vulnerabilities.", "type": "hackapp", "lastseen": "2016-09-26T20:43:30", "edition": 1, "hackapp": {"version": "1.2.1", "store": "play", "release": "2015-03-24T00:00:00", "apk": "DE.VOLKSWAGEN.ACCESSORIES.RACEAPP.APK", "name": "Volkswagen RaceApp", "icon": "http://lh6.ggpht.com/NtFf2HyoWstF4dbE2UAJUewpiKK6glbfiNP7i_h3rRlUQAko5L_ZXY0QOzwj66_-9e4=w300", "link": "https://play.google.com/store/apps/details?id=de.volkswagen.accessories.raceapp&hl=en", "vendor": "Volkswagen AG", "bugs": [{"name": "Unsafe deleting", "id": "ab82540ff4a26eea9df7e17857849448", "severity": "notice", "description": "All items deleted with 'file.delete()' could be recovered."}, {"name": "Suspicious files", "id": "07d8ec745ecae5548e73c59613ace753", "severity": "notice", "description": "Are you sure these files should be here?"}, {"name": "WebView JavaScript enabled", "id": "cbd61cffc8932e5f77e3fcbc91813eb0", "severity": "medium", "description": "WebView 'setJavaScriptEnabled(true)' could be exploited during cross-site scripting attacks."}, {"name": "WebView files access", "id": "53b50bdd354c1f4dc1dfcdc6b7865623", "severity": "medium", "description": "Control of WebView context allows to access local files.\n\t\t\t"}, {"name": "Base64 encoded String", "id": "6e441346af196ff8a5c50b7d020a58f7", "severity": "critical", "description": "Base64 encoded string could include authentication credentials."}, {"name": "Possible privilege escalation", "id": "84d027c6bc78da7d5cf4c02e82bcac0d", "severity": "notice", "description": "This app is looking for root tools."}, {"name": "External URLs", "id": "ba1363cb7d080c10c42d001123372d83", "severity": "notice", "description": "Were do they point?"}, {"name": "Runtime command execution", "id": "7d1a1d37451a167a3c0b645dc8652ecc", "severity": "medium", "description": "Function 'Runtime.getRuntime().exec()' is used, please check where variables are come from."}, {"name": "SD-card access", "id": "334cf417a12ad3bd121f6d2d25b4f841", "severity": "medium", "description": "SD-cards and other external storages have 'worldwide read' policy."}]}, "title": "Volkswagen RaceApp - Base64 encoded String, External URLs, Possible privilege escalation vulnerabilities", "href": "https://hackapp.com/report/bd3d0f144a5dbef747ae820e59011b6d", "modified": "2016-04-01T09:32:30", "bulletinFamily": "software", "viewCount": 1, "cvelist": [], "affectedSoftware": [{"version": "1.2.1", "name": "Volkswagen RaceApp", "operator": "le"}], "references": ["https://play.google.com/store/apps/details?id=de.volkswagen.accessories.raceapp&hl=en"], "reporter": "Hackapp.org", "hashmap": [{"hash": "dca1063c92be9eb5d4e91df07241dcb7", "key": "affectedSoftware"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "d4be9c4fc84262b4f39f89565918568f", "key": "cvss"}, {"hash": "38b89236ddb10dcbcee28266c1489f01", "key": "description"}, {"hash": "563f47c0580b6dae51bab1bd0da584f8", "key": "hackapp"}, {"hash": "69c75d2f742be06ab88de83225eaaf59", "key": "href"}, {"hash": "ef3846115058269b646251ec4c02df12", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "ef3846115058269b646251ec4c02df12", "key": "published"}, {"hash": "41d383f26a4022dbc2a1cacbc5c4953f", "key": "references"}, {"hash": "3b012aae1848bb95fe11f3cebae83cb0", "key": "reporter"}, {"hash": "ad1b425a39312e517eb53f9a879ad1d8", "key": "title"}, {"hash": "96e87ef1fcc8d9d3cdd337488987c423", "key": "type"}, {"hash": "cfcd208495d565ef66e7dff9f98764da", "key": "viewCount"}], "objectVersion": "1.2"}

{"result": {}}