ID HACKAPP:UA.BLAGOVIST.HOMEWORLD.APK
Type hackapp
Reporter Hackapp.org
Modified 2016-10-25T16:00:11
Description
HackApp vulnerability scanner discovered that application HomeWorld Експерт АН Благовіст published at the 'play' market has multiple vulnerabilities.
{"id": "HACKAPP:UA.BLAGOVIST.HOMEWORLD.APK", "bulletinFamily": "software", "title": "HomeWorld \u0415\u043a\u0441\u043f\u0435\u0440\u0442 \u0410\u041d \u0411\u043b\u0430\u0433\u043e\u0432\u0456\u0441\u0442 - Customized SSL, Dangerous filesystem permissions, Redefined SSL Common Names verifier vulnerabilities", "description": "HackApp vulnerability scanner discovered that application HomeWorld \u0415\u043a\u0441\u043f\u0435\u0440\u0442 \u0410\u041d \u0411\u043b\u0430\u0433\u043e\u0432\u0456\u0441\u0442 published at the 'play' market has multiple vulnerabilities.", "published": "2016-10-25T16:00:11", "modified": "2016-10-25T16:00:11", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://hackapp.com/report/6bb3962657da75b10e05033234986415", "reporter": "Hackapp.org", "references": ["https://play.google.com/store/apps/details?id=ua.blagovist.homeworld&hl=en"], "cvelist": [], "type": "hackapp", "lastseen": "2018-08-02T14:01:00", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d55432cf0158aea51280793e61e5e3af"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "4a76ac898290e2c5a64514930ff9035e"}, {"key": "hackapp", "hash": "587cd1a5a07383729d8974f2c781253f"}, {"key": "href", "hash": "8ae9b62baeedab0ff302423d19d65d8a"}, {"key": "modified", "hash": "74ccf2708dc28b6dd9be3b33b86cc76f"}, {"key": "published", "hash": "74ccf2708dc28b6dd9be3b33b86cc76f"}, {"key": "references", "hash": "531dd3432a76bc31f836470f68bfcfff"}, {"key": "reporter", "hash": "3b012aae1848bb95fe11f3cebae83cb0"}, {"key": "title", "hash": "0dc9ce9fd3535c7dc5e65456ca0be063"}, {"key": "type", "hash": "96e87ef1fcc8d9d3cdd337488987c423"}], "hash": "6c263ec0e7c0ee054f11520ae45fc6cc1ffb4f4a49de389e03cbce0dbdf742d5", "viewCount": 0, "enchantments": {"score": {"value": 0.4, "vector": "NONE", "modified": "2018-08-02T14:01:00"}, "dependencies": {"references": [], "modified": "2018-08-02T14:01:00"}, "vulnersScore": 0.4}, "objectVersion": "1.3", "affectedSoftware": [{"name": "HomeWorld \u0415\u043a\u0441\u043f\u0435\u0440\u0442 \u0410\u041d \u0411\u043b\u0430\u0433\u043e\u0432\u0456\u0441\u0442", "operator": "le", "version": "1.09"}], "hackapp": {"apk": "UA.BLAGOVIST.HOMEWORLD.APK", "bugs": [{"description": "The app uses Android KeyStore subsystem.", "id": "7573814670550d4c3830bf0db731a460", "name": "KeyStore usage", "severity": "notice"}, {"description": "Were do they point?", "id": "39df49c193eeda7c205129990c258269", "name": "External URLs", "severity": "notice"}, {"description": "Files created with these methods could be worldwide readable.", "id": "3a93c8436d242e5cde3821716a4d46a1", "name": "Dangerous filesystem permissions", "severity": "critical"}, {"description": "This app uses self defined certificate verifier. If it is not properly configured it could allow attackers to do MITM attacks with their valid certificate without your knowledge.", "id": "6388bfafeac18b61aacc8b2dc292d594", "name": "Redefined SSL Common Names verifier", "severity": "critical"}, {"description": "\n\t\t\tCheck certificate validation. Do not create or redefine X509Certificate class methods by yourself, if you don't understand risks. Use the existing API.\n\t\t\t", "id": "9ce838e4a51dad23700ff9aa190ec900", "name": "Customized SSL", "severity": "critical"}, {"description": "All items deleted with 'file.delete()' could be recovered.", "id": "80496b8875816f29dac7f424da608f19", "name": "Unsafe deleting", "severity": "notice"}, {"description": "Are you sure these files should be here?", "id": "167fb530a95f83a907e23049368fd279", "name": "Suspicious files", "severity": "notice"}, {"description": "SD-cards and other external storages have 'worldwide read' policy.", "id": "fa9d2b6bc28d48e7afbab9bc8041928b", "name": "SD-card access", "severity": "medium"}], "icon": "http://lh3.googleusercontent.com/gJaQR9uJnG2GBMhBmkezYE3CfaSmNpZoo67V6fBVRdNsHh3Eg8rh_d2AaxBKshpbeh3c=w300", "link": "https://play.google.com/store/apps/details?id=ua.blagovist.homeworld&hl=en", "name": "HomeWorld \u0415\u043a\u0441\u043f\u0435\u0440\u0442 \u0410\u041d \u0411\u043b\u0430\u0433\u043e\u0432\u0456\u0441\u0442", "release": "2016-10-19T00:00:00", "store": "play", "vendor": "\u041f\u0435\u0440\u0448\u0430 \u0420\u0456\u0435\u043b\u0442\u043e\u0440\u0441\u044c\u043a\u0430 \u0413\u0440\u0443\u043f\u0430", "version": "1.09"}}
{}
