Navgraph confusion allows any 3p app to send and read requests from the server at app.hey.com
Medium
Basecamp
Team Summary
Official summary from Basecamp
It is possible to send authenticated requests to the server at app.hey.com and read the server's reply by running a malicious app on the same device as the HEY app.
Reported by
fr4via
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Deserialization of Untrusted Data