
QuickAuth - Google Authenticator Pebble app vulnerable to MITM attack when configuring TOTP keys

The QuickAuth Pebble application loads its configuration page over HTTP. As such, it is possible for an attacker to set up and use a MITM proxy to inject JavaScript that posts the key to an external site, stealing the TOTP keys as they are being updated on the Pebble app.

Original GitHub issue: https://github.com/JumpMaster/QuickAuth/issues/25
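
For developers who want to check their own PebbleKit JS code for the issue described above, the following added example (not part of the original advisory and not QuickAuth's code) flags configuration pages opened over cleartext HTTP. It assumes the page is opened with `Pebble.openURL()`; the sample source and its `example.invalid` hosts are constructed.

```javascript
// Added example: audit PebbleKit JS source for pages opened over cleartext HTTP.
// Assumption: the app opens its settings page with Pebble.openURL(); the
// advisory does not show QuickAuth's code, so the input below is constructed.
const SAMPLE_SOURCE = `
Pebble.addEventListener('showConfiguration', function () {
  Pebble.openURL('http://config.example.invalid/settings.html');
});
Pebble.addEventListener('showHelp', function () {
  Pebble.openURL("https://help.example.invalid/index.html");
});
function openDynamic(base) {
  Pebble.openURL(base + '/settings.html');
}
`;

// Returns one finding per Pebble.openURL() call:
//   'insecure' = literal http:// URL (page content can be modified in transit)
//   'ok'       = literal https:// URL
//   'review'   = non-literal or other scheme; needs a manual look
function auditOpenUrlCalls(source) {
  const findings = [];
  const call = /Pebble\.openURL\s*\(\s*([^)]*)\)/g;
  source.split('\n').forEach((text, index) => {
    call.lastIndex = 0; // reset the global regex for each line
    let match;
    while ((match = call.exec(text)) !== null) {
      const arg = match[1].trim();
      const literal = /^(['"`])([^'"`]*)\1$/.exec(arg);
      let verdict = 'review';
      if (literal) {
        try {
          const scheme = new URL(literal[2]).protocol;
          if (scheme === 'https:') verdict = 'ok';
          else if (scheme === 'http:') verdict = 'insecure';
        } catch (err) {
          verdict = 'review'; // not an absolute URL (e.g. template with ${...})
        }
      }
      findings.push({ line: index + 1, arg, verdict });
    }
  });
  return findings;
}

for (const f of auditOpenUrlCalls(SAMPLE_SOURCE)) {
  console.log(`line ${f.line}: ${f.verdict} ${f.arg}`);
}
```

Serving the configuration page over HTTPS addresses the `insecure` findings; `review` findings need the URL's origin traced by hand.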