| 제목 | Consumer Comanda Mobile 14.7.1.4 – 15.0.0.8 Insecure Cookie Transmission |
|---|
| 설명 | The Comanda Mobile module of the Consumer system transmits session cookies in cleartext over HTTP, allowing attackers on the same local network to intercept valid session tokens and impersonate authenticated users without needing credentials.
This vulnerability affects versions from x.x.x.x to the latest x.x.x.x, and no patch has been provided by the vendor. Notably, cookies such as AppCookie Mobile, _RequestVerificationToken, and others persist across sessions and allow full access to authenticated functionalities, making them critical targets in local network attacks. In a typical restaurant environment, where multiple employee devices connect over the same internal Wi-Fi network, it is possible for an attacker to intercept these cookies using basic network sniffing tools (e.g., Wireshark). Once obtained, these tokens can be reused by an attacker in their browser to bypass authentication entirely, without needing to capture the user's login credentials.
This vulnerability persists even if the login page is secured, since session cookies continue to be transmitted in plaintext HTTP after authentication.
Reported to vendor in September 2024. No response or patch provided as of April 2025 and the last/new version 15.0.0.8. |
|---|
| 원천 | ⚠️ https://medium.com/@davimouar/from-order-to-exploit-a-deep-dive-into-restaurant-network-security-64aeaf3a6f64 |
|---|
| 사용자 | davimo (UID 79678) |
|---|
| 제출 | 2025. 04. 06. PM 06:49 (1 년도 ago) |
|---|
| 모더레이션 | 2025. 04. 06. PM 07:32 (43 minutes later) |
|---|
| 상태 | 중복 |
|---|
| VulDB 항목 | 303543 [Consumer Comanda Mobile 까지 14.9.3.2/15.0.0.8 Restaurant Order Login/Password 약한 암호화] |
|---|
| 포인트들 | 0 |
|---|