Physical Access to Mobile App Allows Local Attribute Updates without Authentication
None
U
Uber
Submitted None
Team Summary
Official summary from Uber
Physical access to mobile device allows attacker to replace boolean flag to update firstname,lastname, email and mobile number in app only - not changed on backend.
Actions:
Reported by
jigarthakkar39
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Improper Authentication - Generic