Meatmeet Pro Mobile Application Clear Text Traffic Vulnerability
Vulnerability
The Meatmeet Pro mobile application version 1.1.2.0 allows cleartext traffic to all domains. The application communicates with an API server over HTTP, so the traffic can be intercepted by an adversary positioned upstream. This interception could lead to a complete compromise of the user's account if authentication tokens are captured or if the MD5 hash used for login is cracked.
Impact
Exploitation of this vulnerability could result in a total compromise of the user's account on the Meatmeet Pro mobile application.
Reproduction
The vulnerability can be reproduced by using a network monitoring tool to intercept and inspect the unencrypted HTTP traffic between the Meatmeet Pro mobile application and the API server. This can be done by placing the interception tool 'upstream' of the application, such as through a proxy or by using a man-in-the-middle attack that exploits the lack of encryption.
