Mail.ru: [myMail Android] Access to protected app components via RegistrationPhoneActivity

2020-01-01T22:33:18
ID H1:766892
Type hackerone
Reporter bagipro
Modified 2021-03-11T15:32:07

Description

RegistrationPhoneActivity in the My.com MyMail application for Android could be exploited locally by a malicious application to access internal activities, as demonstrated by spoofing the logon screen to send an authentication request to an arbitrary site.