Domain Spoofing Vuln in Status Android Wallet (opens in new tab)

(github.com)

3 pointshackideiomat2y ago1 comments

1 comments

This android wallet has an internal browser and it incorrectly strips www. from hosts. This also affects their permission system, meaning this is the perfect bug to phish users.

They didn't answer multiple mails in 30 days, so it's being disclosed.

j / k navigate · click thread line to collapse

Domain Spoofing Vuln in Status Android Wallet (opens in new tab)

(github.com)

3 pointshackideiomat2y ago1 comments

1 comments

hackideiomatOP2y ago

This android wallet has an internal browser and it incorrectly strips www. from hosts. This also affects their permission system, meaning this is the perfect bug to phish users.

They didn't answer multiple mails in 30 days, so it's being disclosed.

j / k navigate · click thread line to collapse