Meatmeet Pro Mobile Application Lack of Certificate Validation Vulnerability
Vulnerability
A vulnerability exists in the Meatmeet Pro mobile application version 1.1.2.0, due to improper certificate validation. This flaw allows interception of all traffic from the mobile app, enabling an adversary to decrypt TLS traffic, inspect its contents, and modify requests in transit. Such interception could lead to a complete compromise of the user's account, especially if authentication tokens are captured or if the MD5 hash used for login is cracked.
Impact
Exploitation of this vulnerability could result in unauthorized access to user accounts by intercepting and manipulating authentication tokens or cracking hashed passwords.
Reproduction
The vulnerability can be reproduced by using a network interception tool to capture and modify traffic between the Meatmeet Pro mobile application and its API server. This can be done by exploiting the lack of certificate pinning, which allows for a man-in-the-middle attack on the application's TLS communication.
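The client-side checks whose absence makes this interception possible, sketched in Python as an added example; it is not code from the Meatmeet Pro application, and every function name in it is hypothetical. It assumes the pin is taken over the whole leaf certificate (DER) rather than the public key alone, because the standard library does not expose the key on its own.

```python
import base64
import hashlib
import hmac
import socket
import ssl


def weak_context() -> ssl.SSLContext:
    """The failure mode: any certificate for any hostname is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def strict_context() -> ssl.SSLContext:
    """Chain and hostname verification on, TLS 1.2 as the floor."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def validation_gaps(ctx: ssl.SSLContext) -> list:
    """List the validation steps a client context skips (empty list = none)."""
    gaps = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        gaps.append("certificate chain not verified")
    if not ctx.check_hostname:
        gaps.append("hostname not checked")
    return gaps


def cert_pin(der: bytes) -> str:
    """Pin string for a DER-encoded certificate: sha256/<base64 digest>."""
    return "sha256/" + base64.b64encode(hashlib.sha256(der).digest()).decode()


def pin_matches(der: bytes, pinned) -> bool:
    """True if the presented certificate is one of the pinned ones."""
    pin = cert_pin(der)
    return any(hmac.compare_digest(pin, p) for p in pinned)


def connect_pinned(host: str, port: int, pinned) -> str:
    """Handshake with full validation, then refuse a certificate that is not pinned."""
    with socket.create_connection((host, port), timeout=10) as raw:
        with strict_context().wrap_socket(raw, server_hostname=host) as tls:
            if not pin_matches(tls.getpeercert(binary_form=True), pinned):
                raise ssl.SSLError("certificate pin mismatch")
            return tls.version()
```

`validation_gaps` can be run against a client's TLS context in a unit test, so that a build with validation switched off fails before release.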
