LINE CVE-2018-13435 Information
> [Description]
> ** DISPUTED ** An issue was discovered in the LINE jp.naver.line application
> 8.8.0 for iOS. The Passcode feature allows authentication bypass via
> runtime manipulation that forces a certain method to disable passcode
> authentication. NOTE: the vendor indicates that this is not an attack
> of interest within the context of their threat model, which excludes
> iOS devices on which a jailbreak has occurred.
>
> ------------------------------------------
>
> [Additional Information]
> Exploitation narrative for bypassing local authentication on Passcode
>
> 1. During passcode authentication, runtime manipulation through
> frida-trace was conducted in order to identify the passcode class/method
> name.
>
> 2. Once the Passcode authentication class/method was addressed, the
> frida script was created to hook into "- [NLAuthenticationManager
> passcodeEnabled]" to force disabling the passcode authentication.
>
> POC: https://www.dropbox.com/s/eeeusky36jtthi5/LINE-BypassPIN.mp4?dl=0
>
> Recommendation
> - Consider code obfuscation or security protection on runtime
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> OWASP Mobile Top 10 2016:M4-Insecure Authentication, CWE-287 - Improper Authentication
>
> ------------------------------------------
>
> [Vendor of Product]
> LINE Corporation
>
> ------------------------------------------
>
> [Affected Product Code Base]
> jp.naver.line (iOS: App Store) - 8.8.0
>
> ------------------------------------------
>
> [Affected Component]
> Passcode authentication
>
> ------------------------------------------
>
> [Attack Type]
> Context-dependent
>
> ------------------------------------------
>
> [Impact Information Disclosure]
> true
>
> ------------------------------------------
>
> [CVE Impact Other]
> Authentication Bypass
>
> ------------------------------------------
>
> [Attack Vectors]
> An attacker who is able to access a jail-broken iOS device could
> perform runtime manipulation on Passcode authentication, which allows
> the attacker to force the return value to be "true". A malicious
> application, which may evade AppStore detection, could attack the LINE
> application on a jail-broken device by hooking into the Passcode
> verification mechanism in order to bypass the authentication process.
>
> ------------------------------------------
>
> [Has vendor confirmed or acknowledged the vulnerability?]
> true
>
> ------------------------------------------
>
> [Discoverer]
> Parameth Eimsongsak, Prathan Phongthiproek
>
> ------------------------------------------
>
> [Reference]
> https://www.dropbox.com/s/eeeusky36jtthi5/LINE-BypassPIN.mp4?dl=0