Rakuma App for Android version 7.15.0 and earlier, and for iOS version 7.16.4 and earlier allows an attacker to bypass authentication and obtain the users authentication information via a malicious application created by the third party.
Weakness
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Rakuma | Rakuten | * | 7.15.0 (including) |
| Rakuma | Rakuten | * | 7.16.4 (including) |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/102.html
- https://cwe.mitre.org/data/definitions/474.html
- https://cwe.mitre.org/data/definitions/50.html
- https://cwe.mitre.org/data/definitions/509.html
- https://cwe.mitre.org/data/definitions/551.html
- https://cwe.mitre.org/data/definitions/555.html
- https://cwe.mitre.org/data/definitions/560.html
- https://cwe.mitre.org/data/definitions/561.html
- https://cwe.mitre.org/data/definitions/600.html
- https://cwe.mitre.org/data/definitions/644.html
- https://cwe.mitre.org/data/definitions/645.html
- https://cwe.mitre.org/data/definitions/652.html
- https://cwe.mitre.org/data/definitions/653.html
References
- http://jvn.jp/en/jp/JVN41566067/index.html
- https://apps.apple.com/jp/app/furimaapuri-furiru-fril-fasshon/id523497998
- https://play.google.com/store/apps/details?id=jp.co.fablic.fril\u0026hl=en
- http://jvn.jp/en/jp/JVN41566067/index.html
- https://apps.apple.com/jp/app/furimaapuri-furiru-fril-fasshon/id523497998
- https://play.google.com/store/apps/details?id=jp.co.fablic.fril\u0026hl=en