Submit #552272: Consumer Comanda Mobile 14.7.1.4 – 15.0.0.8 Insecure Cookie Transmission

Title: Consumer Comanda Mobile 14.7.1.4 – 15.0.0.8 Insecure Cookie Transmission
Description: The Comanda Mobile module of the Consumer system transmits session cookies in cleartext over HTTP, allowing attackers on the same local network to intercept valid session tokens and impersonate authenticated users without needing credentials. This vulnerability affects versions from x.x.x.x to the latest x.x.x.x, and no patch has been provided by the vendor. Notably, cookies such as AppCookie Mobile, _RequestVerificationToken, and others persist across sessions and allow full access to authenticated functionality, making them critical targets in local network attacks. In a typical restaurant environment, where multiple employee devices connect over the same internal Wi-Fi network, an attacker can intercept these cookies using basic network sniffing tools (e.g., Wireshark). Once obtained, these tokens can be reused by an attacker in their own browser to bypass authentication entirely, without needing to capture the user's login credentials. The vulnerability persists even if the login page is secured, since session cookies continue to be transmitted in plaintext HTTP after authentication. Reported to the vendor in September 2024. No response or patch had been provided as of April 2025 and the latest version, 15.0.0.8.
Source: https://medium.com/@davimouar/from-order-to-exploit-a-deep-dive-into-restaurant-network-security-64aeaf3a6f64
User: davimo (UID 79678)
Submission: 04/06/2025 18:49 (1 year ago)
Moderation: 04/06/2025 19:32 (43 minutes later)
Status: Duplicate
VulDB entry: 303543 [Consumer Comanda Mobile up to 14.9.3.2/15.0.0.8 Restaurant Order Login/Password cleartext transmission]
Points: 0
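As an added defender-side check (not code from the submission, the vendor or VulDB), the following Python audit takes captured HTTP exchanges and flags the failure mode the description explains: session cookies issued without the Secure attribute, or carried in a request over plain HTTP after an HTTPS login. The cookie names come from the description above; the hostname, paths and header values are constructed sample data.

```python
from urllib.parse import urlparse

# Cookie names the submission identifies as session-bearing (assumption: both carry auth state).
SESSION_COOKIES = {"AppCookie Mobile", "_RequestVerificationToken"}


def parse_cookie_header(value):
    """Split a request Cookie header into {name: value}."""
    pairs = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        if name:
            pairs[name] = val
    return pairs


def audit_set_cookie(url, header):
    """Findings for one Set-Cookie response header issued by `url`."""
    name = header.split("=", 1)[0].strip()
    attrs = {a.strip().split("=", 1)[0].lower() for a in header.split(";")[1:]}
    findings = []
    if urlparse(url).scheme != "https":
        findings.append(f"{name}: issued over cleartext HTTP ({url})")
    if "secure" not in attrs:
        findings.append(f"{name}: missing Secure attribute (browser will resend it over http://)")
    if "httponly" not in attrs:
        findings.append(f"{name}: missing HttpOnly attribute")
    return findings


def audit_exchanges(exchanges):
    """exchanges: list of {url, request_headers, response_headers}; returns finding strings."""
    findings = []
    for ex in exchanges:
        cleartext = urlparse(ex["url"]).scheme != "https"
        for hdr, val in ex.get("request_headers", []):
            if hdr.lower() == "cookie" and cleartext:
                for name in parse_cookie_header(val):
                    if name in SESSION_COOKIES:
                        findings.append(f"{name}: sent in cleartext request to {ex['url']}")
        for hdr, val in ex.get("response_headers", []):
            if hdr.lower() == "set-cookie":
                findings.extend(audit_set_cookie(ex["url"], val))
    return findings


# Constructed sample: HTTPS login, then a post-login request over plain HTTP.
SAMPLE = [
    {"url": "https://pos.example.local/Login", "request_headers": [],
     "response_headers": [("Set-Cookie", "AppCookie Mobile=abc123; Path=/; HttpOnly"),
                          ("Set-Cookie", "_RequestVerificationToken=tok; Path=/; Secure; HttpOnly")]},
    {"url": "http://pos.example.local/Order/List",
     "request_headers": [("Cookie", "AppCookie Mobile=abc123")], "response_headers": []},
]

if __name__ == "__main__":
    for finding in audit_exchanges(SAMPLE):
        print(finding)
```

The sample yields two findings: the AppCookie Mobile cookie is set without Secure at login, and it is then sent in a cleartext request, which is exactly the exposure the description attributes to the product.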
