@tanprathan
Created August 13, 2018 14:09
LINE CVE-2018-13446 Information
> [Description]
> ** DISPUTED ** An issue was discovered in the LINE jp.naver.line
> application 8.8.1 for Android. The Passcode feature allows
> authentication bypass via runtime manipulation that forces a
> certain method's return value to true. In other words, an attacker
> could authenticate with an arbitrary passcode. NOTE: the vendor
> indicates that this is not an attack of interest within the context
> of their threat model, which excludes Android devices on which
> rooting has occurred.
>
> ------------------------------------------
>
> [Additional Information]
> Exploitation narrative for bypassing local authentication on Passcode
>
> 1. The application was decompiled to determine its logic from the
> recovered source code. Even though the application was minified
> (it appears to use ProGuard), the Passcode authentication logic in
> the "b" method could still be analysed, and its return type was found
> to be Boolean.
>
> 2. A Frida script was created to hook the "b" method and force its return value to "true".
>
> Recommendation
> * Consider code obfuscation beyond ProGuard alone, since ProGuard only minifies the code and does not obfuscate it
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> OWASP Mobile Top 10 2016: M4 - Insecure Authentication; CWE-287 - Improper Authentication
>
> ------------------------------------------
>
> [Vendor of Product]
> LINE Corporation
>
> ------------------------------------------
>
> [Affected Product Code Base]
> jp.naver.line (Android: Google Play Store) - 8.8.1
>
> ------------------------------------------
>
> [Affected Component]
> Passcode authentication
>
> ------------------------------------------
>
> [Attack Type]
> Context-dependent
>
> ------------------------------------------
>
> [Impact Information Disclosure]
> true
>
> ------------------------------------------
>
> [CVE Impact Other]
> Authentication Bypass
>
> ------------------------------------------
>
> [Attack Vectors]
> An attacker who is able to access a rooted Android device could
> perform runtime manipulation of the Passcode authentication, forcing
> its return value to "true". A malicious application that evades Google
> Play Store detection could attack the LINE application on a rooted
> device by hooking into the Passcode verification mechanism in order to
> bypass the authentication process.
>
> ------------------------------------------
>
> [Has vendor confirmed or acknowledged the vulnerability?]
> true
>
> ------------------------------------------
>
> [Discoverer]
> Boonpoj Thongakaraniroj, Prathan Phongthiproek
>
> ------------------------------------------
>
> [Reference]
> https://play.google.com/store/apps/details?id=jp.naver.line.android&hl=en_US
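The advisory's core finding is that the unlock decision rests on a single method returning a Boolean, so whoever can change that one return value at runtime is in. The example below is added here and is not code from the advisory, from the LINE application, or from its authors; it is a Python stand-in for the Android logic that puts the Boolean-gate design next to the usual mitigation for this class (OWASP M4), where the passcode is the only input from which the data-protection key can be reconstructed. The passcode, salt and protected secret are constructed sample values, and the "hook" is modelled by overriding the check method on one instance.

```python
import hashlib
import hmac

# Constructed sample values for this demonstration (not taken from the advisory).
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
PASSCODE = "4821"
SECRET = b"local database encryption key (constructed sample)"
PBKDF2_ROUNDS = 100_000


def derive_key(passcode: str, salt: bytes) -> bytes:
    """Stretch the passcode into a 32-byte key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, PBKDF2_ROUNDS, dklen=32)


# --- Pattern 1: Boolean gate in front of data that is stored in the clear ---

class BooleanGateStore:
    """The secret is held in plaintext; access depends only on check_passcode()."""

    def __init__(self, passcode: str, secret: bytes) -> None:
        self.salt = SALT
        self.tag = derive_key(passcode, self.salt)   # stored verifier
        self.secret = secret                          # readable once the gate opens

    def check_passcode(self, passcode: str) -> bool:
        return hmac.compare_digest(self.tag, derive_key(passcode, self.salt))

    def unlock(self, passcode: str):
        # Forcing check_passcode() to True is enough: nothing else depends on the passcode.
        return self.secret if self.check_passcode(passcode) else None


# --- Pattern 2: the secret is only recoverable with the passcode-derived key ---

def keystream(key: bytes, length: int) -> bytes:
    """Toy counter-mode keystream for illustration only; a real app would use AES-GCM."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


class DerivedKeyStore:
    """The secret is stored encrypted under a key derived from the passcode."""

    def __init__(self, passcode: str, secret: bytes) -> None:
        self.salt = SALT
        enc_key, mac_key = self._subkeys(passcode)
        self.ciphertext = bytes(a ^ b for a, b in zip(secret, keystream(enc_key, len(secret))))
        self.mac = hmac.new(mac_key, self.ciphertext, "sha256").digest()

    def _subkeys(self, passcode: str):
        key = derive_key(passcode, self.salt)
        return (hashlib.sha256(b"enc" + key).digest(),
                hashlib.sha256(b"mac" + key).digest())

    def check_passcode(self, passcode: str) -> bool:
        _, mac_key = self._subkeys(passcode)
        return hmac.compare_digest(self.mac, hmac.new(mac_key, self.ciphertext, "sha256").digest())

    def unlock(self, passcode: str):
        if not self.check_passcode(passcode):
            return None
        # Even if the check above is forced to True, decryption still uses the
        # key derived from the supplied passcode, so a wrong passcode yields garbage.
        enc_key, _ = self._subkeys(passcode)
        return bytes(a ^ b for a, b in zip(self.ciphertext, keystream(enc_key, len(self.ciphertext))))


def simulate_forced_true(store_cls, wrong_passcode: str = "0000"):
    """Model the advisory's manipulation: the Boolean check always answers True.

    Returns whatever the store hands out for a wrong passcode under that condition."""
    store = store_cls(PASSCODE, SECRET)
    store.check_passcode = lambda _passcode: True   # instance-level override standing in for the hook
    return store.unlock(wrong_passcode)


def demo() -> dict:
    """Summarise both designs: does a forced-True check leak the real secret?"""
    return {
        "boolean_gate_leaks_secret": simulate_forced_true(BooleanGateStore) == SECRET,
        "derived_key_leaks_secret": simulate_forced_true(DerivedKeyStore) == SECRET,
        "derived_key_opens_with_correct_passcode": DerivedKeyStore(PASSCODE, SECRET).unlock(PASSCODE) == SECRET,
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The point of the comparison is that obfuscation (the advisory's recommendation) only raises the cost of finding the method to hook; the derived-key design removes the single Boolean that decides everything, so a forced `true` produces undecryptable bytes rather than the protected data. In a real Android implementation the toy keystream and separate MAC would be replaced by an AEAD such as AES-GCM through the platform crypto APIs, and the derived key would typically also be bound to hardware-backed key storage.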