The mobile application is configured to allow clear text traffic to all domains and communicates with an API server over HTTP. As a result, an adversary located "upstream" can intercept the traffic, inspect its contents, and modify the requests in transit. TThis may result in a total compromise of the user's account if the attacker intercepts a request with active authentication tokens or cracks the MD5 hash sent on login.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NMeatmeet
APPMeatmeet1.1.2.0
Related vulnerabilities
Ujawnienie informacji o nieopublikowanych urządzeniach w aplikacji Meatmeet Android
Hardcoded credentials w aplikacji mobilnej Meatmeet
Brak walidacji certyfikatu TLS w aplikacji mobilnej Meatmeet
The application uses an insecure hashing algorithm (MD5) to hash passwords. If an attacker obtained a copy of ...
The mobile application insecurely handles information stored within memory. By performing a memory dump on the...