Bugtraq mailing list archives
QuickAuth - Google Authenticator Pebble app vulnerable to MITM attack when configuring TOTP keys
From: issues () github com
Date: Wed, 20 Jan 2016 10:32:17 GMT
QuickAuth Pebble application loads the configuration page via HTTP. As such it is possible for an attacker to setup and use a MITM proxy to inject Javascript which posts the key to an external site to steal the TOTP keys as they are being updated on the Pebble app. Original GitHub issue : https://github.com/JumpMaster/QuickAuth/issues/25
Current thread:
- QuickAuth - Google Authenticator Pebble app vulnerable to MITM attack when configuring TOTP keys issues (Jan 20)