Viber through 11.7.0.5 allows a remote attacker who can capture a victim's internet traffic to steal their Viber account, because not all Viber protocol traffic is encrypted. TCP data packet 9 on port 4244 from the victim's device contains cleartext information such as the device model and OS version, IMSI, and 20 bytes of udid in a binary format, which is located at offset 0x14 of this packet. Then, the attacker installs Viber on his device, initiates the registration process for any phone number, but doesn't enter a pin from SMS. Instead, he closes Viber. Next, the attacker rewrites his udid with the victim's udid, modifying the viber_udid file, which is located in the Viber preferences folder. (The udid is stored in a hexadecimal format.) Finally, the attacker starts Viber again and enters the pin from SMS.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HRakuten Viber
APPRakuten≤ 11.7.0.5
Related vulnerabilities
Rakuten Viber: statyczny fingerprint TLS umożliwia identyfikację ruchu proxy
Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could la...
A vulnerability in Viber before 10.7.0 for Desktop (Windows) could allow an attacker to execute arbitrary comm...
Viber Desktop 25.6.0 is vulnerable to HTML Injection via the text parameter of the message compose/forward int...
An exploitable information disclosure vulnerability exists in the 'Secret Chats' functionality of Rakuten Vibe...