Try   HackMD

CODE ANALYSIS

  • The App uses an insecure Random Number Generator.
  • Insecure WebView Implementation. Execution of user controlled code in WebView is a critical Security Hole.
  • App uses SQLite Database and execute raw SQL query. Untrusted user input in raw SQL queries can cause SQL Injection. Also sensitive information should be encrypted and written to the database.
  • App can read/write to External Storage. Any App can read data written to External Storage.
  • Files may contain hardcoded sensitive information like usernames, passwords, keys etc.
  • SHA-1 is a weak hash known to have hash collisions.

FILE ANALYSIS

  • Certificate/Key files hardcoded inside the app.
Last changed by 
JavaScriipt
0
163

Read more

Interna - CRA Alarmas Colombia

[x] 55786 (2) - Oracle Database Unsupported Version Detection [x] 42873 (14) - SSL Medium Strength Cipher Suites Supported (SWEET32) [x] 35291 (8) - SSL Certificate Signed Using Weak Hashing Algorithm [x] 20007 (2) - SSL Version 2 and 3 Protocol Detection [x] 69552 (2) - Oracle TNS Listener Remote Poisoning [x] 51192 (20) - SSL Certificate Cannot Be Trusted [x] 57582 (17) - SSL Self-Signed Certificate [x] 65821 (11) - SSL RC4 Cipher Suites Supported (Bar Mitzvah) [x] 104743 (11) - TLS Version 1.0 Protocol Detection [x] 121010 (11) - TLS Version 1.1 Protocol Detection

Nov 30, 2022
Read more from JavaScriipt
Published on HackMD