Not sure if this can be tracked as a security issue, but this definitely calls for a code change. This can be classified into Denial of Service category attack and can seriously hamper user experience.
Asset: Nexcloud Android Client (com.nextcloud.client)
Version: 3.11.1 (latest)
###Details
The Nextcloud android app registers a deeplink nc://login
that is handled by the com.owncloud.android.authentication.ModifiedAuthenticatorActivity
class as seen in AndroidManifest file.
The above mentioned class implements AuthenticatorActivity
class in order to handle incoming deeplinks.
It is seen that the method parseLoginDataUrl
does not handle exception correctly crashing the Nextcloud app.
malicious apps can thus crash the nextcloud client by sending following data in intent : nc://login
.
ADB payload:
adb shell am start -a "android.intent.action.VIEW" -c "android.intent.category.DEFAULT" -n "com.nextcloud.client/com.owncloud.android.authentication.ModifiedAuthenticatorActivity" -d "nc://login"
Attaching video PoC
{F803256}