Scanner Pro – Vulnerability in iOS app allows attacker to get access to private data

In this article we introduce a vulnerability in the iOS app Scanner Pro, found by Shawar Khan. The vulnerability allows an attacker to get the master password of the app.
According to my research, I have found that the sensitive data stored in the files is unencrypted, which means anyone can read it easily. After opening the app, it asks for a password, so all we have to do is find the password. The following are my iOS device details:
iOS 8.4
Jailbroken
iPhone 5
First of all, we have to install iFile in order to browse the root directories and files.
Now navigate to the following directory:
/var/mobile/Containers/Data/Application/05D44FCA-0D6D-42FE-BFF3-BFBDE8A0807B/Library/Preferences/
Now we will see the following file:
com.readdle.Scanner.plist
After opening the file, we have to search for “app_password”.
It will now show us the following source:
<key>__rdcid</key>
 <string>QpZxOWafTYehuqn1hcWORw</string>
 <key>__rdcidModel</key>
 <string>iPhone5,1</string>
 <key>_statsDocumentsCount</key>
 <integer>3</integer>
 <key>_statsLastScanCreateTimeStamp</key>
 <real>406321202.20056899</real>
 <key>app_password</key>
 <string>shawarkhan1337</string>
Password Disclosure
In the above code, you can clearly see the app password. That's the master password, which is unencrypted and is used to log into the app. Using this methodology, any attacker can get the credentials and other sensitive data of the app. After logging into the app, the attacker will have full access to the contents stored in the app. The data could be documents, files, credentials or other sensitive files that must be kept secret.
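A check a developer or tester can run over an app's preferences file to catch this class of issue before release. This is an added example, not part of the original write-up or the app's own code; the key-name pattern is a heuristic chosen here, and the sample plist is constructed from the entries quoted above, wrapped in a standard plist envelope.

```python
import plistlib
import re

# Heuristic chosen for this example: key names that suggest a stored credential.
SECRET_KEY_RE = re.compile(r"passw|passcode|secret|token|api[_-]?key", re.I)

# Constructed sample: the entries quoted in the article inside a plist envelope.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
 <key>__rdcid</key>
 <string>QpZxOWafTYehuqn1hcWORw</string>
 <key>__rdcidModel</key>
 <string>iPhone5,1</string>
 <key>_statsDocumentsCount</key>
 <integer>3</integer>
 <key>_statsLastScanCreateTimeStamp</key>
 <real>406321202.20056899</real>
 <key>app_password</key>
 <string>shawarkhan1337</string>
</dict>
</plist>
"""


def find_plaintext_secrets(plist_bytes):
    """Return sorted key paths that look like credentials stored as readable strings."""
    root = plistlib.loads(plist_bytes)  # accepts XML and binary plists
    findings = []
    stack = [("", root)]
    while stack:
        path, node = stack.pop()
        if isinstance(node, dict):
            stack.extend((f"{path}/{key}", value) for key, value in node.items())
        elif isinstance(node, list):
            stack.extend((f"{path}[{i}]", value) for i, value in enumerate(node))
        elif isinstance(node, str) and node:
            key_name = path.rsplit("/", 1)[-1]
            if SECRET_KEY_RE.search(key_name):
                findings.append(path)  # report the key only, never the value
    return sorted(findings)


if __name__ == "__main__":
    for path in find_plaintext_secrets(SAMPLE_PLIST):
        print(f"plaintext credential candidate in preferences: {path}")
```

A hit means the value belongs in the iOS Keychain, or should be replaced by a salted hash used only for verification, rather than in the preferences plist.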
See the video proof of concept below:

