Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows information theft and account takeover via network sniffing.
- http://seclists.org/fulldisclosure/2021/Jun/45
- https://trovent.github.io/security-advisories/TRSA-2105-01/TRSA-2105-01.txt
- https://trovent.io/security-advisory-2105-01
No PoCs found on GitHub currently.