Potentially Clear text HTTP request

Description

Mobile Applications must use Secure Sockets Layer SSL / Transport Layer Security TLS to provide encryption at the transport layer and ensure the confidentiality and integrity of data in transit.This application does not use SSL/TLS and is vulnerable to traffic interception and modification.

An attacker performing a man-in-the-middle (MITM) attack may:

  • Passively intercept the communication to access any sensitive data in transit like usernames, passwords or credit card number
  • Actively inject or remove content to forge and omit information or inject malicious scripts
  • Actively redirect the communication to the attacker in the context of the initial trusted party

Recommendation

It is recommended to ensure the use of an encrypted channel for requests transmitting sensitive data, it is however highly recommended to encrypt all requests made by the application, as the interception and modification of non sensitive requests could be leveraged to access sensitive data.

The encrypted channel should use secure protocols and cipher suites, do not develop custom encryption protocols or algorithms.

Technical details
[TAINT] String 'http://10.14.15.251:8036/zendeskSupport' ==>>> Sink '['Landroid/net/Uri;', 'parse', '(Ljava/lang/String;)Landroid/net/Uri;', '0', 'HTTP_NETWORKING_SINK']' [[('Lcom/cloudsinc/welltekmobile/native_v2_welltek/adapters/ContactUsDeviceListAdapter$2;', 'onClick', '(Landroid/view/View;)V'), ('Lcom/cloudsinc/welltekmobile/native_v2_welltek/utils/ZenDeskRequest;', '<init>', '(Landroid/content/Context; Ljava/lang/String;)V'), ('Lcom/cloudsinc/welltekmobile/native_v2_welltek/utils/ZenDeskRequest$1;', '<init>', '(Lcom/cloudsinc/welltekmobile/native_v2_welltek/utils/ZenDeskRequest; I Ljava/lang/String; Lcom/android/volley/Response$Listener; Lcom/android/volley/Response$ErrorListener; Lcom/cloudsinc/welltekmobile/native_v2_welltek/sharedprefrences/PrefManager; Ljava/lang/String;)V'), ('Lcom/android/volley/toolbox/StringRequest;', '<init>', '(I Ljava/lang/String; Lcom/android/volley/Response$Listener; Lcom/android/volley/Response$ErrorListener;)V'), ('Lcom/android/volley/Request;', '<init>', '(I Ljava/lang/String; Lcom/android/volley/Response$ErrorListener;)V'), ('Lcom/android/volley/Request;', 'findDefaultTrafficStatsTag', '(Ljava/lang/String;)I'), ('Landroid/net/Uri;', 'parse', '(Ljava/lang/String;)Landroid/net/Uri;')]]

Use of a clear-text non-encrypted HTTP URL:

Method com.cloudsinc.welltekmobile.native_v2_welltek.adapters.ContactUsDeviceListAdapter$2.onClick():


    public void onClick(android.view.View p4)
    {
        com.cloudsinc.welltekmobile.native_v2_welltek.adapters.ContactUsDeviceListAdapter$ViewHolder.access$400(this.val$holder).setVisibility(0);
        com.cloudsinc.welltekmobile.native_v2_welltek.adapters.ContactUsDeviceListAdapter$ViewHolder.access$500(this.val$holder).setVisibility(8);
        new com.cloudsinc.welltekmobile.native_v2_welltek.utils.ZenDeskRequest(com.cloudsinc.welltekmobile.native_v2_welltek.adapters.ContactUsDeviceListAdapter.access$600(this.this$0), "");
        return;
    }

Method com.cloudsinc.welltekmobile.native_v2_welltek.utils.ZenDeskRequest.<init>():


    public ZenDeskRequest(android.content.Context p10, String p11)
    {
        this.TAG = this.getClass().getSimpleName();
        this.mcontext = p10;
        com.android.volley.toolbox.Volley.newRequestQueue(p10).add(new com.cloudsinc.welltekmobile.native_v2_welltek.utils.ZenDeskRequest$1(this, 1, "http://10.14.15.251:8036/zendeskSupport", this.createMyReqSuccessListener(), this.createMyReqErrorListener(), new com.cloudsinc.welltekmobile.native_v2_welltek.sharedprefrences.PrefManager(p10), p11));
        return;
    }

Method com.cloudsinc.welltekmobile.native_v2_welltek.utils.ZenDeskRequest$1.<init>():


    ZenDeskRequest$1(com.cloudsinc.welltekmobile.native_v2_welltek.utils.ZenDeskRequest p1, int p2, String p3, com.android.volley.Response$Listener p4, com.android.volley.Response$ErrorListener p5, com.cloudsinc.welltekmobile.native_v2_welltek.sharedprefrences.PrefManager p6, String p7)
    {
        this.this$0 = p1;
        this.val$prefManager = p6;
        this.val$comment = p7;
        super(p2, p3, p4, p5);
        return;
    }

Method com.android.volley.toolbox.StringRequest.<init>():


    public StringRequest(int p1, String p2, com.android.volley.Response$Listener p3, com.android.volley.Response$ErrorListener p4)
    {
        super(p1, p2, p4);
        super.mListener = p3;
        return;
    }

Method com.android.volley.Request.<init>():


    public Request(int p4, String p5, com.android.volley.Response$ErrorListener p6)
    {
        int v0_4;
        if (!com.android.volley.VolleyLog$MarkerLog.ENABLED) {
            v0_4 = 0;
        } else {
            v0_4 = new com.android.volley.VolleyLog$MarkerLog();
        }
        this.mEventLog = v0_4;
        this.mShouldCache = 1;
        this.mCanceled = 0;
        this.mResponseDelivered = 0;
        this.mCacheEntry = 0;
        this.mMethod = p4;
        this.mUrl = p5;
        this.mErrorListener = p6;
        this.setRetryPolicy(new com.android.volley.DefaultRetryPolicy());
        this.mDefaultTrafficStatsTag = com.android.volley.Request.findDefaultTrafficStatsTag(p5);
        return;
    }

Method com.android.volley.Request.findDefaultTrafficStatsTag():


    private static int findDefaultTrafficStatsTag(String p3)
    {
        int v2_1;
        if (android.text.TextUtils.isEmpty(p3)) {
            v2_1 = 0;
        } else {
            android.net.Uri v1 = android.net.Uri.parse(p3);
            if (v1 == null) {
            } else {
                String v0 = v1.getHost();
                if (v0 == null) {
                } else {
                    v2_1 = v0.hashCode();
                }
            }
        }
        return v2_1;
    }

Method android.net.Uri.parse() not found.