#401940 [Venmo Android] Remote theft of user session

#401940

[Venmo Android] Remote theft of user session

State	Resolved (Closed)
Disclosed publicly	2019-02-07T23:05:45.457Z
Reported To	PayPal
Weakness	none
Bounty	$10,000

Collapse

Summary by bagipro

A URL activity in the Venmo application used the built-in android.net.Uri parser, which has a known logic problem with certain characters. If an external URL were passed from a website or other app on the device to the application activity, the app would open the URL without properly validating the destination. This could expose some session data to a third party.

Timeline

submitted a report to PayPal .

2018-08-28T22:15:18.850Z

Regards,
Frans

0 attachments:

lollipup Activities::ReportSeverityUpdated

2018-08-31T13:33:53.968Z

lollipup Activities::BugTriaged

2018-08-31T13:35:24.771Z

space_pp Activities::Comment

2018-08-31T17:38:15.585Z

Activities::BountyAwarded

2018-08-31T17:53:17.760Z

bagipro Activities::Comment

2018-08-31T17:53:18.836Z

bagipro Activities::Comment

2018-08-31T17:53:40.243Z

greentea Activities::ReassignedToTeam

2018-11-15T20:21:58.571Z

bagipro Activities::Comment

2018-11-16T06:54:11.358Z

greentea Activities::ReassignedToTeam

2018-11-16T15:13:02.406Z

space_pp Activities::BugResolved

2018-11-27T19:39:33.638Z

bagipro Activities::Comment

2018-11-27T19:44:28.415Z

bagipro Activities::AgreedOnGoingPublic

2019-01-12T20:59:37.899Z

space_pp Activities::AgreedOnGoingPublic

2019-02-07T23:05:45.317Z

space_pp Activities::ReportBecamePublic

2019-02-07T23:05:45.486Z