All traffic via HTTP in Girlfriend Cell Tracker App
- Vendor: SoftSquare InfoSoft
- Product: Girlfriend Cell Tracker (Package-Name: com.omrup.cell.tracker)
- Affected Version: v1.20
- Severity: Medium
- Short summary: All requests (including to the API) are made via HTTP, making the communication vulnerable to man-in-the-middle attacks.
The app uses HTTP for all communications. All communications, including username, password, received SMS messages, are not secured and vulnerable to man-in-the-middle attacks.
- 2017-07-26: Vulnerability discovered
- 2017-08-29: First Email sent to developer
- 2018-08-11: Published