iGap Meesenger Web Client Lock Screen Bypass

2018.04.23

Snooper (IR)

Risk: Low

Local: Yes

Remote: No

CVE: N/A

CWE: N/A

# Exploit Title: iGap Meesenger Web Client Lock Screen Bypass
# Details: iGap is a free Iranian open-source instant messaging application for smart phones , Web and personal computers.
# Date: 4-23-2017
# Wiki: https://en.wikipedia.org/wiki/IGap
# Exploit Author: Snooper
# Contact: snbig@pm.me
# Risk: High
# Category: web apps
# Tested on: Chrome
# Vulnerable website: https://web.igap.net (iGap web client)
# Version: 3.2.4 (latest version) and lower
1. Description
iGap web client (https://web.igap.net) srtores lock screen password hash (sha-256) in the browser local storage without server-side encryption!
After enabling lock screen and setting password , password hash is stored with "iGap__lockScreenSetting" key in the browser local storage so
anyone who has access to the client browser is able to delete that key and bypass the lock screen.
2. Exploit :
[Chrome browser]
- Press Ctrl+Shift+j in chrome browser to open "console" tab.
- Enter the following command in the console line to delete "iGap__lockScreenSetting" value :
> localStorage.removeItem("iGap__lockScreenSetting");
- Reload lock screen page by pressing Ctrl+R.
- Lock screen bypassed :)

References:

https://www.igap.net/

See this note in RAW Version

Vote for this issue:

52%

48%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

iGap Meesenger Web Client Lock Screen Bypass

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.