CVE-2016-6548
N/A
N/A
Summary
The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user's authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access the user's account.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Zizai Technology | Tech Nut Mobile Application | N/A | unknown |
Weaknesses
- CWE-200: CWE-200: Information Exposure
ADP Enrichment
CVE Program Container
Additional References
- https://www.securityfocus.com/bid/93877
- https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/
- https://www.kb.cert.org/vuls/id/402847
References
- https://www.securityfocus.com/bid/93877
- https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/
- https://www.kb.cert.org/vuls/id/402847
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.