Mansion Hidden Object Games - Dangerous filesystem permissions, Insecure KeyStore vulnerabilities

HackApp vulnerability scanner discovered that application Mansion Hidden Object Games published at the 'play' market has multiple vulnerabilities...

Hidden Object Mystery Society - Customized SSL, Dangerous filesystem permissions, MIT license vulnerabilities

HackApp vulnerability scanner discovered that application Hidden Object Mystery Society published at the 'play' market has multiple vulnerabilities...

Find Objects Hidden Object - Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Find Objects Hidden Object published at the 'play' market has multiple vulnerabilities...

Queen's Quest - Hidden Object - Base64 encoded String, Dynamic Code Loading, Exported components vulnerabilities

HackApp vulnerability scanner discovered that application Queen's Quest - Hidden Object published at the 'play' market has multiple vulnerabilities...

Mystic Diary 2 - Hidden Object - Exported components, External URLs, Hardcoded secrets vulnerabilities

HackApp vulnerability scanner discovered that application Mystic Diary 2 - Hidden Object published at the 'play' market has multiple vulnerabilities...

Hidden Object Mystery Guardian - Customized SSL, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities

HackApp vulnerability scanner discovered that application Hidden Object Mystery Guardian published at the 'play' market has multiple vulnerabilities...

Time Gap Hidden Object Mystery - Base64 encoded String, Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Time Gap Hidden Object Mystery published at the 'play' market has multiple vulnerabilities...

CVE-2014-5542

The CVE-2014-5542 entry applies to the Android app The Hidden Object Mystery (air.com.differencegames.hodetectivemysteryfree) v1.0.65, where the app does not verify X.509 SSL certificates. This prevents server authentication, enabling MITM attackers to spoof HTTPS servers and access sensitive dat...

CVE-2014-5542

The Hidden Object Mystery aka air.com.differencegames.hodetectivemysteryfree application 1.0.65 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...