Vendor: VPA
By: MaXe
CVSS: 8.8 (HIGH)
Remote Code Execution via Man-In-The-Middle (MITM)
CWE: 284
Product Name: VPA
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: YES
Related CWE: N/A
CPE: a2.virtualpostage.com
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Android 4.1.0 (Google APIs) - API Level 16 - x86
2017
Virtual Postage (VPA) – Remote Code Execution via MITM
The Android application is vulnerable to Remote Code Execution via Man-In-The-Middle (MITM) attacks. This is caused by the application sending the user's credentials (username and password) over an unencrypted HTTP GET request, which can be intercepted by an attacker.
Mitigation:
Encrypt the credentials before sending them over the network.