The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user's authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access the user's account.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: certcc
Published: 2018-07-13T20:00:00
Updated: 2024-08-06T01:36:27.302Z
Reserved: 2016-08-03T00:00:00
Link: CVE-2016-6548
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-07-13T20:29:00.503
Modified: 2024-11-21T02:56:20.010
Link: CVE-2016-6548
Redhat
No data.