anaisbetts / ModernHttpClient

HttpClient implementations that use platform-native HTTP clients for :rocket:
MIT License
659 stars 261 forks

MITM attack possible because of 'AllowUnknownCertificateAuthority' flag #267

Open mkcn opened 4 years ago

mkcn commented 4 years ago

Hello,

I would like to report a security issue found during an investigation for an iOS application which uses this library. Using the Burp tool I was able to conduct a MITM attack and intercept all traffic of the iOS application.

We found out this library allows any root CA (in this case, the root CA of Burp, which was NOT trusted on the iOS device) if the DidReceiveChallenge method is used, because of the following flag:

X509VerificationFlags.AllowUnknownCertificateAuthority;

iOS vulnerable line:

https://github.com/anaisbetts/ModernHttpClient/blob/1f462b76656d77030b712601c23284b4430547cb/src/ModernHttpClient/iOS/NSUrlSessionHandler.cs#L324

Android vulnerable line (this has not been tested):

https://github.com/anaisbetts/ModernHttpClient/blob/1f462b76656d77030b712601c23284b4430547cb/src/ModernHttpClient/Android/OkHttpNetworkHandler.cs#L245

Important note: as far as I am aware, the library has been modified in the tested iOS app, therefore there is a chance the vulnerability is not exploitable in the repo version. But I would like to have your opinion about it and understand why this flag was enabled in the first place.

PS: I am well aware this project is not currently active but, if this issue is confirmed, a lot of projects may be affected and therefore vulnerable to MITM attacks.

Let me know if you need any further information.

Best, Mirko
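The following is an added illustration of the chain-validation behaviour the report points at, not code from ModernHttpClient or from the reporter. It constructs a self-signed certificate (standing in for a root that is not in the device trust store) and runs .NET's X509Chain.Build on it twice, once with AllowUnknownCertificateAuthority set and once with NoFlag; the class and certificate names are constructed, and CertificateRequest requires .NET Core 2.0 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added illustration (not ModernHttpClient code): effect of
// X509VerificationFlags.AllowUnknownCertificateAuthority on X509Chain.Build
// when the certificate's root is NOT in the trust store.
static class UnknownCaFlagDemo
{
    // Constructed stand-in for a root the device does not trust.
    static X509Certificate2 CreateUntrustedSelfSignedCert()
    {
        using RSA key = RSA.Create(2048);
        var request = new CertificateRequest(
            "CN=constructed-untrusted-root", key,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return request.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(1));
    }

    // Builds a chain for 'cert' under 'flags'; returns success plus the statuses seen.
    static (bool Ok, string Status) Validate(X509Certificate2 cert, X509VerificationFlags flags)
    {
        using var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // keep the demo offline
        chain.ChainPolicy.VerificationFlags = flags;
        bool ok = chain.Build(cert);
        string status = chain.ChainStatus.Length == 0
            ? "NoError"
            : string.Join(",", Array.ConvertAll(chain.ChainStatus, s => s.Status.ToString()));
        return (ok, status);
    }

    static void Main()
    {
        using X509Certificate2 cert = CreateUntrustedSelfSignedCert();

        // Weak setting: an unknown root is accepted, so Build returns true and a
        // handler that keys its trust decision on it would let the connection proceed.
        var weak = Validate(cert, X509VerificationFlags.AllowUnknownCertificateAuthority);
        Console.WriteLine($"AllowUnknownCertificateAuthority -> Build={weak.Ok} ({weak.Status})");

        // Default setting for a server trust decision: Build returns false with
        // UntrustedRoot, which is what the handler should treat as a rejection.
        var strict = Validate(cert, X509VerificationFlags.NoFlag);
        Console.WriteLine($"NoFlag -> Build={strict.Ok} ({strict.Status})");
    }
}
```

Running this on a machine whose trust store does not contain the constructed root shows the flag alone flipping the result from rejected to accepted, which is the condition an interception proxy with its own CA relies on.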