Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Viber through 11.7.0.5 allows a remote attacker who can capture a victim's internet traffic to steal their Viber account, because not all Viber protocol traffic is encrypted. TCP data packet 9 on port 4244 from the victim's device contains cleartext information such as the device model and OS version, IMSI, and 20 bytes of udid in a binary format, which is located at offset 0x14 of this packet. Then, the attacker installs Viber on his device, initiates the registration process for any phone number, but doesn't enter a pin from SMS. Instead, he closes Viber. Next, the attacker rewrites his udid with the victim's udid, modifying the viber_udid file, which is located in the Viber preferences folder. (The udid is stored in a hexadecimal format.) Finally, the attacker starts Viber again and enters the pin from SMS.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Viber Input Validation Error Vulnerability
Vulnerability Description
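Viber is a cross-platform instant messaging application. An input validation error vulnerability exists in Viber 11.7.0.5 and earlier versions. The vulnerability stems from the program not encrypting all Viber protocol traffic. A remote attacker can exploit this vulnerability to obtain sensitive information by capturing a user's network traffic.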
CVSS Information
N/A
Vulnerability Type
N/A