Vulners
Lucene search
RENPHO 3.0.0 Information Disclosure
🗓️ 08 Oct 2019 00:00:00Reported by Tim SchughartType 
packetstorm🔗 packetstormsecurity.com👁 275 Views
| Reporter | Title | Published | Views | Family All 7 |
|---|---|---|---|---|
 | CVE-2019-14808 | 9 Oct 201915:03 | – | cve |
 | CVE-2019-14808 | 9 Oct 201915:03 | – | cvelist |
 | EUVD-2019-5937 | 7 Oct 202500:30 | – | euvd |
 | CVE-2019-14808 | 9 Oct 201916:15 | – | nvd |
 | CVE-2019-14808 | 9 Oct 201916:15 | – | osv |
 | Code injection | 9 Oct 201916:15 | – | prion |
 | CVE-2019-14808 | 22 May 202510:32 | – | redhatcve |
`Hello together,
we’ve found the following vulnerability below.
Affected software: RENPHO V3.0.0 (iOS App)
Vulnerability type: Missing Encryption and Integrity Check of Sensitive Data
Vulnerable version: Renpho Mobile Application V3.0.0 for iOS
Vulnerable component: Client app, transmitting data to server backend
Vendor report confidence: Unconfirmed
Fixed version: -
Vendor notification: 13/08/19
Solution date:
CVE reference: CVE-2019-14808
CVSSv3 Score: 6.8 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Researcher Credits: Tim Schughart, Christian Horn
Communication Timeline:
13th August 2019 Initial contact - no response
26th September second contact attempt - no response
08th October fulldisclosure
Vulnerability Details:
The client application (mobile app for iOS) transmits data unencrypted
to an server in JSON without integrity check, if an user changes
personal data in his profile tab oder logs hisself in his account.
Proof of concept:
Caputre traffice via proxy or MITM attack, while user logs in or changes his user profile. You are able to catch session id for cloning, password in cleartext oder change data on the fly, because of an missing integrity check.
Best regards / Mit freundlichen Grüßen
Dr. h.c. Tim Schughart
CEO / Geschäftsführer
--
ProSec GmbH
Robert-Koch-Straße 1-9
56751 Polch
Website: https://www.prosec-networks.com
E-Mail: [email protected]
Phone: +49 (0)261 450 930 90
Sitz der Gesellschaft / Company domiciled in: Polch
Registergericht / registry Court: Amtsgericht Koblenz, HRB 26457
Geschäftsführer: Tim Schughart
UST-IdNr./ VAT ID: DE321817516
"This E-Mail communication may contain CONFIDENTIAL, PRIVILEGED and/or LEGALLY PROTECTED information and is intended only for the named recipient(s). Any unauthorized use, dissemination, copying or forwarding is strictly prohibited. If you are not the intended recipient and have received this email communication in error, please notify the sender immediately, delete it and destroy all copies of this E-Mail.
"Diese E-Mail Mitteilung kann VERTRAULICHE, dem BERUFSGEHEIMNIS UNTERLIEGENDE und/oder RECHTLICH GESCHÜTZTE Informationen enthalten und ist ausschließlich für den/die genannten Adressaten bestimmt. Jede unbefugte Nutzung, Weitergabe, Vervielfältigung oder Versendung ist strengstens verboten. Sollten Sie nicht der angegebene Adressat sein und diese E-Mail Mitteilung irrtümlich erhalten haben, informieren Sie bitte sofort den Absender, löschen diese E-Mail und vernichten alle Kopien.
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
08 Oct 2019 00:00Current
6.7Medium risk
Vulners AI Score6.7
EPSS0.0018