Pillaging AWS ECS Task Definitions for Hardcoded Secrets

The post Pillaging AWS ECS Task Definitions for Hardcoded Secrets appeared first on Rhino Security Labs...

CVE-2018-10813

In Dedos-web 1.0, the cookie and session secrets used in the Express.js application have hardcoded values that are visible in the source code published on GitHub. An attacker can edit the contents of the session cookie and re-sign it using the hardcoded secret. Due to the use of Passport.js, this...

ReverseAPK - Quickly Analyze And Reverse Engineer Android Packages

Quickly analyze and reverse engineer Android applications. FEATURES: Displays all extracted files for easy reference Automatically decompile APK files to Java and Smali format Analyze AndroidManifest.xml for common vulnerabilities and behavior Static source code analysis for common vulnerabilitie...

My Telekom - Hardcoded secrets, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application My Telekom published at the 'play' market has multiple vulnerabilities...

Qwant - Customized SSL, Hardcoded secrets vulnerabilities

HackApp vulnerability scanner discovered that application Qwant published at the 'play' market has multiple vulnerabilities...

Booking.com Hotels & Vacation Rentals - Hardcoded secrets, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Booking.com Hotels & Vacation Rentals published at the 'play' market has multiple vulnerabilities...

My Verisure - Customized SSL, Hardcoded secrets, Redefined SSL Common Names verifier vulnerabilities

HackApp vulnerability scanner discovered that application My Verisure published at the 'play' market has multiple vulnerabilities...

Textra SMS - Dangerous filesystem permissions, Hardcoded secrets, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Textra SMS published at the 'play' market has multiple vulnerabilities...

BharatMatrimony - Matrimonial - Customized SSL, Hardcoded secrets, WebView SSL handling enabled vulnerabilities

HackApp vulnerability scanner discovered that application BharatMatrimony - Matrimonial published at the 'play' market has multiple vulnerabilities...

Privat24 - Customized SSL, Hardcoded secrets, Redefined SSL Common Names verifier vulnerabilities

HackApp vulnerability scanner discovered that application Privat24 published at the 'play' market has multiple vulnerabilities...

Signal Private Messenger - Dangerous filesystem permissions, Hardcoded secrets vulnerabilities

HackApp vulnerability scanner discovered that application Signal Private Messenger published at the 'play' market has multiple vulnerabilities...

Kodi - GPL license, Hardcoded secrets vulnerabilities

HackApp vulnerability scanner discovered that application Kodi published at the 'play' market has multiple vulnerabilities...

NBA app - Dangerous filesystem permissions, Exported ContentProvider, Hardcoded secrets vulnerabilities

HackApp vulnerability scanner discovered that application NBA app published at the 'play' market has multiple vulnerabilities...

Toshl Finance Budget & Expense - Base64 encoded String, Dangerous filesystem permissions, Hardcoded secrets vulnerabilities

HackApp vulnerability scanner discovered that application Toshl Finance Budget & Expense published at the 'play' market has multiple vulnerabilities...

BEST Mumbai Bus Ticket & Pass - Customized SSL, Exported ContentProvider, Hardcoded secrets vulnerabilities

HackApp vulnerability scanner discovered that application BEST Mumbai Bus Ticket & Pass published at the 'play' market has multiple vulnerabilities...

Empire: Four Kingdoms - Dangerous filesystem permissions, Exported ContentProvider, Hardcoded secrets vulnerabilities

HackApp vulnerability scanner discovered that application Empire: Four Kingdoms published at the 'play' market has multiple vulnerabilities...

Citrix Secure Mail - Customized SSL, Exported ContentProvider, Hardcoded secrets vulnerabilities

HackApp vulnerability scanner discovered that application Citrix Secure Mail published at the 'play' market has multiple vulnerabilities...

Yappy - SMS on PC & Tablet - Dangerous filesystem permissions, Hardcoded secrets, MIT license vulnerabilities

HackApp vulnerability scanner discovered that application Yappy - SMS on PC & Tablet published at the 'play' market has multiple vulnerabilities...

Messaging SMS + MMS - Customized SSL, Dangerous filesystem permissions, Hardcoded secrets vulnerabilities

HackApp vulnerability scanner discovered that application Messaging SMS + MMS published at the 'play' market has multiple vulnerabilities...

QKSMS - Open Source SMS & MMS - Customized SSL, Hardcoded secrets vulnerabilities

HackApp vulnerability scanner discovered that application QKSMS - Open Source SMS & MMS published at the 'play' market has multiple vulnerabilities...