Hotel Story: Resort Simulation - Customized SSL, Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Hotel Story: Resort Simulation published at the 'play' market has multiple vulnerabilities...

CVE-2014-5831

The Hotel Story: Resort Simulation aka com.happylabs.hotelstory application 1.7.9B for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

Design/Logic Flaw

The Hotel Story: Resort Simulation aka com.happylabs.hotelstory application 1.7.9B for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2014-5831

The Hotel Story: Resort Simulation aka com.happylabs.hotelstory application 1.7.9B for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2014-5831

CVE-2014-5831 concerns the Android app “The Hotel Story: Resort Simulation” (com.happylabs.hotelstory) version 1.7.9B. The vulnerability is that the app does not verify X.509 certificates from SSL servers, enabling man-in-the-middle attackers to spoof servers and exfiltrate sensitive information ...