Skip to content Skip to sidebar Skip to footer

CVE-2020-27199 – The Magic Home Pro application 1.5.1 for Android allows Authentication By

The Magic Home Pro application 1.5.1 for Android allows Authentication Bypass. The security control that the application currently has in place is a simple Username and Password authentication function. Using enumeration, an attacker is able to forge a User specific token without the need for correct password to gain access to the mobile application as that victim user.

 

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27199

Reference (s):

  • https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/magic-home-pro-mobile-application-authentication-bypass-cve-2020-27199/

Sign Up to Our Newsletter

Be the first to know the latest updates