Able to intercept app traffic after choosing the Secured Connection using SSL (HTTPS)
Unknown
Vulnerability Details
Install the app
Login with Valid credentials
Settings - Choose Secured connection (HTTPS)
Close the app
Set the proxy and Open the app
Verify that the connection isn't secured and traffic can be intercepted (PFA POC)
Expected Result: Secured layer & SSL pinning should be applied successfully.
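The client-side behaviour the expected result describes, as an added example that is not part of the original report or the app's code: refuse non-HTTPS URLs while the secured setting is on, and reject any certificate whose fingerprint is not pinned, which is what stops a proxy certificate that the device otherwise trusts. All names, the hostname and the certificate byte strings are constructed, and pinning the SHA-256 of the whole leaf certificate is an assumption, since the report does not say which form of pinning the app uses.

```python
import hashlib
import hmac
import socket
import ssl
from urllib.parse import urlsplit

# Constructed stand-ins for DER certificates (not real certificates).
SERVER_CERT = b"constructed: DER bytes of the app server's leaf certificate"
PROXY_CERT = b"constructed: DER bytes of a leaf minted by an intercepting proxy"

class InsecureConnection(Exception):
    """The connection must not carry app traffic."""

def fingerprint(cert_der):
    """Hex SHA-256 of the DER-encoded leaf certificate."""
    return hashlib.sha256(cert_der).hexdigest()

PINS = {fingerprint(SERVER_CERT)}  # in practice, ship a backup pin as well

def require_https(url):
    """Honour the 'secured connection' setting: refuse anything but https."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise InsecureConnection("refusing non-HTTPS URL: " + url)
    return parts.hostname, parts.port or 443

def check_pin(cert_der, pins):
    """Return the fingerprint if it is pinned, otherwise raise."""
    seen = fingerprint(cert_der)
    if not any(hmac.compare_digest(seen, pin) for pin in pins):
        raise InsecureConnection("certificate is not pinned: " + seen)
    return seen

def open_pinned(url, pins):
    """Normal chain and hostname validation first, then the pin check."""
    host, port = require_https(url)
    ctx = ssl.create_default_context()
    raw = socket.create_connection((host, port), timeout=10)
    tls = ctx.wrap_socket(raw, server_hostname=host)
    try:
        # binary_form=True returns the peer's leaf certificate as DER bytes.
        check_pin(tls.getpeercert(binary_form=True), pins)
    except InsecureConnection:
        tls.close()  # never hand an unpinned channel back to the caller
        raise
    return tls
```

The pin check runs in addition to default validation, so a certificate issued by a CA the user installed on the device still fails at `check_pin`.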
Report Stats
- Report ID: 64731
- State: Closed
- Substate: resolved
- Upvotes: 4