Description
The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user's authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access to the user's account.
References
- Exploit, Third Party Advisory
- Third Party Advisory, US Government Resource
- Third Party Advisory, VDB Entry
Vulnerable configurations
Configuration 1
cpe:2.3:a:nutspace:nut_mobile:-:*:*:*:*:*:*:*
EPSS
Percentile: 83%
0.01937
Low
CVSS3: 9.8 Critical
CVSS2: 5 Medium
Weaknesses
CWE-200
Related vulnerabilities
CVSS3: 9.8
github
more than 3 years ago
The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user's authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access to the user's account.