Meatmeet Pro Mobile Application Sensitive Information Disclosure Vulnerability

A vulnerability exists in the Meatmeet Pro mobile application version 1.1.2.0, where sensitive information is insecurely stored in memory. After a user logs out and the application is terminated, a memory dump can be performed to retrieve Wi-Fi credentials, JSON Web Tokens (JWTs) used for authentication, and other sensitive information. This vulnerability allows an attacker with physical access to the device to gain unauthorized access to the user's home Wi-Fi network and Meatmeet account.

Impact

Exploitation of this vulnerability could lead to unauthorized access to the victim's home Wi-Fi network and Meatmeet account, using retrieved Wi-Fi credentials and authentication tokens.

Reproduction

To reproduce this vulnerability, log into the Meatmeet Pro mobile application and pair a Meatmeet device. After pairing, log out of the application and ensure it is fully terminated. Once the application is closed, perform a memory dump of the application. The dumped memory will contain Wi-Fi credentials, JWTs, and other sensitive information that can be extracted and used to gain unauthorized access to the user's Wi-Fi network and Meatmeet account.