iGap Meesenger Web Client Lock Screen Bypass

2018.04.23
ir Snooper (IR) ir
Risk: Low
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

# Exploit Title: iGap Meesenger Web Client Lock Screen Bypass # Details: iGap is a free Iranian open-source instant messaging application for smart phones , Web and personal computers. # Date: 4-23-2017 # Wiki: https://en.wikipedia.org/wiki/IGap # Exploit Author: Snooper # Contact: snbig@pm.me # Risk: High # Category: web apps # Tested on: Chrome # Vulnerable website: https://web.igap.net (iGap web client) # Version: 3.2.4 (latest version) and lower 1. Description iGap web client (https://web.igap.net) srtores lock screen password hash (sha-256) in the browser local storage without server-side encryption! After enabling lock screen and setting password , password hash is stored with "iGap__lockScreenSetting" key in the browser local storage so anyone who has access to the client browser is able to delete that key and bypass the lock screen. 2. Exploit : [Chrome browser] - Press Ctrl+Shift+j in chrome browser to open "console" tab. - Enter the following command in the console line to delete "iGap__lockScreenSetting" value : > localStorage.removeItem("iGap__lockScreenSetting"); - Reload lock screen page by pressing Ctrl+R. - Lock screen bypassed :)

References:

https://www.igap.net/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top