The Magic Home Pro application 1.5.1 for Android allows Authentication Bypass. The security control that the application currently has in place is a simple Username and Password authentication function. Using enumeration, an attacker is able to forge a User specific token without the need for correct password to gain access to the mobile application as that victim user.
References
Link | Resource |
---|---|
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/magic-home-pro-mobile-application-authentication-bypass-cve-2020-27199/ | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2020-12-17 05:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-27199
Mitre link : CVE-2020-27199
CVE.ORG link : CVE-2020-27199
JSON object : View
Products Affected
magic_home_pro_project
- magic_home_pro
CWE
CWE-287
Improper Authentication