Vulnerability Details CVE-2020-25493
Oclean Mobile Application 2.1.2 communicates with an external website using HTTP so it is possible to eavesdrop the network traffic. The content of HTTP payload is encrypted using XOR with a hardcoded key, which allows for the possibility to decode the traffic.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.5%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://oclean.com
- https://github.com/c3r34lk1ll3r/decrypt-oclean-traffic
- https://play.google.com/store/apps/details?id=com.yunding.noopsychebrushforeign
- http://oclean.com
- https://github.com/c3r34lk1ll3r/decrypt-oclean-traffic
- https://play.google.com/store/apps/details?id=com.yunding.noopsychebrushforeign