IITGN-CS431 / project-cns


Security Issue (Group 2): Possible Eavesdropping and Credential or Secret Exposure. #256

Closed cpatel321 closed 1 week ago

cpatel321 commented 2 weeks ago

The security guard application has a secret which is necessary for reading and writing the logs. The adversary can easily find out secrets by sniffing the transmitted packets as there is no encryption over SSL. Also, the client application is a very simple one and can be substituted by this very simple command.

nc <server-ip> <port>

Adversaries can easily append to logs and read them.

The following is the screenshot from the Wireshark application, showing the exposure of the secret.

If you wish you can access the TCP dump file.

naveeeeeeeeeen commented 1 week ago

RESOLVED PR Number: #259 #260 #261

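The exposure reported in this issue, as an added example that is not part of the thread or the project's code: it compares what a sniffer captures when the client sends the secret itself with what it captures under an HMAC challenge-response, where the secret never crosses the wire and a captured message cannot be replayed. The `AUTH`/`APPEND` line format, the `Server` class, the secret and the log entry are all constructed assumptions, and HMAC challenge-response is a different technique from the SSL/TLS the issue mentions: without TLS the log entries themselves still travel in cleartext.

```python
import hashlib
import hmac
import secrets

SECRET = b"constructed-demo-secret"  # constructed sample value, not from the project


def plaintext_request(secret: bytes, entry: bytes) -> bytes:
    """Wire bytes when the client sends the secret itself (hypothetical format)."""
    return b"AUTH " + secret + b"\nAPPEND " + entry + b"\n"


def client_response(secret: bytes, nonce: bytes, entry: bytes) -> bytes:
    """Prove knowledge of the secret by MACing the server's nonce and the entry."""
    return hmac.new(secret, nonce + entry, hashlib.sha256).digest()


class Server:
    """Hypothetical server side: issues single-use nonces and verifies MACs."""
    def __init__(self, secret: bytes):
        self._secret = secret
        self._pending = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)  # fixed length, so nonce + entry is unambiguous
        self._pending.add(nonce)
        return nonce

    def accept(self, nonce: bytes, entry: bytes, tag: bytes) -> bool:
        if nonce not in self._pending:
            return False                 # unknown or already-used nonce: replay
        self._pending.discard(nonce)     # each nonce is valid once
        expected = client_response(self._secret, nonce, entry)
        return hmac.compare_digest(expected, tag)


def demo() -> dict:
    entry = b"guard-1 arrived"           # constructed log entry
    server = Server(SECRET)
    nonce = server.challenge()
    tag = client_response(SECRET, nonce, entry)
    wire = nonce + entry + tag           # everything an on-path observer captures
    return {
        "plaintext_leaks_secret": SECRET in plaintext_request(SECRET, entry),
        "mac_leaks_secret": SECRET in wire,
        "first_use_accepted": server.accept(nonce, entry, tag),
        "replay_accepted": server.accept(nonce, entry, tag),
    }
```

Calling `demo()` returns the four observations as booleans; a client without the secret, such as a bare `nc` session, has no way to produce a tag the server accepts.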