QuickAuth - Google Authenticator Pebble app vulnerable to MITM attack when configuring TOTP keys Jan 20 2016 10:32AM
issues github com
QuickAuth Pebble application loads the configuration page via HTTP. As such it is possible for an attacker to setup and use a MITM proxy to inject Javascript which posts the key to an external site to steal the TOTP keys as they are being updated on the Pebble app.

Original GitHub issue : https://github.com/JumpMaster/QuickAuth/issues/25

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus