Broken Authentication and Session Management (Identification and Authentication Failures)

Uploaded by

Karan deep

Summary: Weak session management and authentication mechanisms allow an attacker to manipulate session
tokens or credentials and impersonate other users.

OWASP Category: M1: Improper Platform Usage, M3: Insecure Communication, M7: Client Code Quality, IDOR

Severity: High

From: Remote / External

Steps to Reproduce:

Use an iPhone jailbroken with the latest iOS version, 17.4.1.

Enable the proxy on Burp Suite running on your laptop.

Connect your iOS device to the same network as your laptop and configure the iOS device to use the Burp
Suite proxy.

Launch the target app on the jailbroken iPhone.

Enter your phone number in the app and click "Continue."


Monitor the network requests in Burp Suite.

Receive the OTP on your phone.

Enter the OTP in the app and click "Continue."

Specifically capture the request to api.spacebasic.com/api/v3/user/info?userPhoneOrEmail=9456335657 in
Burp Suite.

Send this captured request to Burp Suite's Repeater.

In the Repeater, change the userPhoneOrEmail parameter to a different phone number or email.

Send the modified request from Repeater.

Note that the response now returns the account associated with the modified phone number or email, which is a
severe flaw in the system (blurred to preserve privacy). This unauthorized access is reflected both in Burp Suite
and on the iOS device.

By following these steps, you can reproduce the vulnerability, demonstrating how the app fails to properly
validate and secure user information, allowing unauthorized access to any user's account.

Impact: This vulnerability allows an attacker to access any user's account by tampering with the phone
number or email parameter in network requests. As a result, sensitive personal information can be exposed,
and unauthorized actions can be performed on behalf of other users. This represents a severe security flaw,
compromising user privacy and system integrity.
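The root cause described above is that the user/info endpoint returns whichever record the client names in userPhoneOrEmail, while the OTP login only proves who the caller is. The following is an added example, not the report's or the vendor's code, modelling that handler in Python: the vulnerable form beside a hardened form that resolves the caller from the authenticated session and refuses lookups for anyone else. The session store, user records and function names are constructed for illustration.

```python
import logging
from typing import Dict, Optional, Tuple

log = logging.getLogger("user_info")

# Constructed sample records keyed by phone number (not real users).
USERS: Dict[str, dict] = {
    "+15550000001": {"name": "Alice", "balance": 120},
    "+15550000002": {"name": "Bob", "balance": 75},
}

# Constructed session store: opaque token -> identity proven at OTP login.
SESSIONS: Dict[str, str] = {
    "tok-alice": "+15550000001",
    "tok-bob": "+15550000002",
}


def user_info_vulnerable(token: str, user_phone_or_email: str) -> Tuple[int, Optional[dict]]:
    """Flaw class from the report: the session is only checked for existence,
    and the record served is whichever one the client names in the query string."""
    if token not in SESSIONS:
        return 401, None
    record = USERS.get(user_phone_or_email)
    return (200, record) if record else (404, None)


def user_info_fixed(token: str, user_phone_or_email: str) -> Tuple[int, Optional[dict]]:
    """Hardened handler: the identity comes from the session, never from the
    client-supplied parameter. A request for any other identity is refused
    and logged so that tampering attempts are visible to the SOC."""
    caller = SESSIONS.get(token)
    if caller is None:
        return 401, None
    if user_phone_or_email != caller:
        # Authorization failure: authenticated caller asked for someone else's record.
        log.warning("AUTHZ_DENIED caller=%s requested=%s", caller, user_phone_or_email)
        return 403, None
    return 200, USERS[caller]
```

In a real service the parameter would simply be dropped and the record looked up by the session identity alone; keeping the comparison here makes the tampering case explicit.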

Affected Path: Entire Application

References to similar issues on HackerOne:

https://hackerone.com/reports/42587

https://hackerone.com/reports/204292

https://hackerone.com/reports/751577
Some more issues to mention:

No jailbreak detection on iOS devices.

Binary makes use of insecure API(s) - CWE-676 | OWASP MASVS - MSTG-CODE-8 | : The binary may contain the
following insecure API(s): fopen, sscanf.

Binary makes use of malloc function - CWE-789 Uncontrolled Memory Allocation | OWASP MASVS - MSTG-CODE-8 | :
The binary may use the _malloc function instead of calloc.

IPA Binary Analysis: The binary is not encrypted.
