SteemApp Beta [v2.0.3] & SteemApp Stable [v1.0.3] login bug

in #utopian-io • 6 years ago (edited)

Project Information

Repository: https://github.com/BoomApps-LLC/SteemApp-Android
Project Name: SteemApp
Publisher: https://github.com/BoomApps-LLC

Expected behavior

A user who enters any username and uses only their own posting key must not be able to log into SteemApp under that username.

Actual behavior

After entering any username and using only their own posting key, a user is able to enter any Steemit account just by using the victim's username.

How to reproduce

  • Download the app here.
  • Install SteemApp Beta 2.0.3.
  • Open the app and enter any username you want (in this case I'm using my 2nd account to reproduce this bug, because this is a big security issue in this app and any account can be targeted).
  • After entering the username, supply your own posting key, either by QR code or by typing the private posting key.
  • Click login.
  • Note that after logging in with your own posting key, you are able to enter the account of whatever username you typed.
  • Note that this issue is the same for SteemApp Stable v1.0.3.

Browser/App version: SteemApp Beta v2.0.3
Operating system: Android 7.1.2 N2G47H
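
The check that the expected behavior calls for, as an added example (this is not SteemApp's code, and the report does not show where the app's login goes wrong): derive the public key from the entered WIF posting key and accept the login only if that key appears in the posting authority of the account whose username was typed. It assumes the account record has the shape a Steem node returns from `get_accounts`; the function names are hypothetical, and the pure-Python curve arithmetic is there only so the block runs without dependencies.

```python
import hashlib

# secp256k1 domain parameters (public constants).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def sha256d(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def b58decode(text):
    # Key encodings never begin with a zero byte, so '1' padding is not handled.
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)  # ValueError on a non-base58 character
    return n.to_bytes((n.bit_length() + 7) // 8, "big")

def ec_add(a, b):
    # Affine point addition; None stands for the point at infinity.
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    lam = (3 * a[0] ** 2 * pow(2 * a[1], -1, P) if a == b
           else (b[1] - a[1]) * pow(b[0] - a[0], -1, P)) % P
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P

def pubkey_from_wif(wif):
    # WIF layout: 0x80 | 32-byte secret | first 4 bytes of double SHA-256.
    raw = b58decode(wif)
    if len(raw) != 37 or raw[0] != 0x80 or sha256d(raw[:33])[:4] != raw[33:]:
        raise ValueError("not a valid WIF private key")
    k, acc, step = int.from_bytes(raw[1:33], "big"), None, G
    if not 0 < k < N:
        raise ValueError("secret out of range")
    while k:  # double-and-add: acc = k * G
        if k & 1:
            acc = ec_add(acc, step)
        step, k = ec_add(step, step), k >> 1
    return bytes([2 + (acc[1] & 1)]) + acc[0].to_bytes(32, "big")

def key_authorizes_posting(account, wif):
    # `account` must be the record fetched for the username typed at login.
    # Delegated account_auths are ignored; only direct key_auths count.
    derived, auth = pubkey_from_wif(wif), account["posting"]
    weight = sum(w for key, w in auth["key_auths"]
                 if key.startswith("STM") and b58decode(key[3:])[:33] == derived)
    return weight > 0 and weight >= auth["weight_threshold"]
```

A login flow would call `key_authorizes_posting(account, wif)` with the account record for the entered username and refuse to open a session when it returns `False`.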

Recording Of The Bug

Proof of Work Done


@kr-nahid you were flagged by a worthless gang of trolls, so, I gave you an upvote to counteract it! Enjoy!!

sir g really great post Keep it up
