CVE-2020-27199 – The Magic Home Pro application 1.5.1 for Android allows Authentication By

The Magic Home Pro application 1.5.1 for Android allows Authentication Bypass. The security control that the application currently has in place is a simple Username and Password authentication function. Using enumeration, an attacker is able to forge a User specific token without the need for correct password to gain access to the mobile application as that victim user.

 

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27199

Reference (s):

  • https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/magic-home-pro-mobile-application-authentication-bypass-cve-2020-27199/
Previous Post

CVE-2020-27180 – konzept-ix publiXone before 2020.015 allows attackers to download files b

Next Post

CVE-2020-27212 – STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect acce

Related Posts