The League application before 2020-05-02 on Android sends a bearer token in an HTTP Authorization header to an arbitrary web site that hosts an external image because an OkHttp object is reused, which allows remote attackers to hijack sessions.
References
| Link | Providers |
|---|---|
| https://push32.com/post/dating-app-fail/ | |
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-05-03T13:01:33
Updated: 2024-08-04T12:04:22.161Z
Reserved: 2020-05-03T00:00:00
Link: CVE-2020-12624
NVD
Status: Modified
Published: 2020-05-03T13:15:11.310
Modified: 2024-11-21T04:59:56.397
Link: CVE-2020-12624