WeChat exposed to two vulnerabilities: unauthorized login to other users' accounts

ID MYHACK58:62201454114
Type myhack58
Reporter Anonymous
Modified 2014-09-27T00:00:00


Recently, the vulnerability announcements section of the Black Bar Safety Net published two vulnerabilities in Tencent's WeChat. According to the vulnerability author's description, the two vulnerabilities may allow a hacker to access and log in directly to other users' WeChat accounts without authorization.

According to the vulnerability description, a white hat can hijack a user's WeChat account in two ways: through the Mac client login and through the web version of WeChat login. The main method is to send the user a link to a public article and intercept one piece of key information from it. With that, the request for the scan-code login confirmation page can be spliced together; clicking to confirm the login then completes a login to the other person's WeChat client. The web version vulnerability is the same as the Mac version: send a URL, get the key, and the login can be completed.

Tencent officially confirmed the vulnerabilities on August 1 and has started handling them.