@tanprathan
Last active May 15, 2019 07:04
LINE CVE-2018-13435 Information
> [Description]
> ** DISPUTED ** An issue was discovered in the LINE jp.naver.line application
> 8.8.0 for iOS. The Passcode feature allows authentication bypass via
> runtime manipulation that forces a certain method to disable passcode
> authentication. NOTE: the vendor indicates that this is not an attack
> of interest within the context of their threat model, which excludes
> iOS devices on which a jailbreak has occurred.
>
> ------------------------------------------
>
> [Additional Information]
> Exploitation narrative for bypassing local authentication on Passcode
>
> 1. During passcode authentication, runtime manipulation through
> frida-trace was conducted in order to identify the passcode class/method
> name.
>
> 2. Once the Passcode authentication class/method was addressed, a
> frida script was created to hook into "- [NLAuthenticationManager
> passcodeEnabled]" to force disabling the passcode authentication.
>
> POC: https://www.dropbox.com/s/eeeusky36jtthi5/LINE-BypassPIN.mp4?dl=0
>
> Recommendation
> - Consider code obfuscation or security protection at runtime
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> OWASP Mobile Top 10 2016:M4-Insecure Authentication, CWE-287 - Improper Authentication
>
> ------------------------------------------
>
> [Vendor of Product]
> LINE Corporation
>
> ------------------------------------------
>
> [Affected Product Code Base]
> jp.naver.line (iOS: App Store) - 8.8.0
>
> ------------------------------------------
>
> [Affected Component]
> Passcode authentication
>
> ------------------------------------------
>
> [Attack Type]
> Context-dependent
>
> ------------------------------------------
>
> [Impact Information Disclosure]
> true
>
> ------------------------------------------
>
> [CVE Impact Other]
> Authentication Bypass
>
> ------------------------------------------
>
> [Attack Vectors]
> An attacker who is able to access a jail-broken iOS device could
> perform runtime manipulation on Passcode authentication, which allows
> the attacker to force the return value to be "true". A malicious
> application, which may evade App Store detection, could attack the LINE
> application on a jail-broken device by hooking into the Passcode
> verification mechanism in order to bypass the authentication process.
>
> ------------------------------------------
>
> [Has vendor confirmed or acknowledged the vulnerability?]
> true
>
> ------------------------------------------
>
> [Discoverer]
> Parameth Eimsongsak, Prathan Phongthiproek
>
> ------------------------------------------
>
> [Reference]
> https://www.dropbox.com/s/eeeusky36jtthi5/LINE-BypassPIN.mp4?dl=0