SteemApp Beta [v2.0.3] & SteemApp Stable [v1.0.3] login bug
Project Information
Repository: https://github.com/BoomApps-LLC/SteemApp-Android
Project Name: SteemApp
Publisher: https://github.com/BoomApps-LLC
Expected behavior
After entering any username and by using user post key only, user must not be able to log into SteemApp by using any username.
Actual behavior
After entering any username and by using only user post key, user is able to enter any Steemit account by just using the username of the the victim.
How to reproduce
- download the app here
- install the SteemApp Beta 2.0.3
- Then open the app and enter any username you want to enter(In this case I'm using my 2nd account to reproduce this bug, because this is a big security issue of this app and any account can be targeted.)
- After entering any username use your own post key by QR code or input private posting key .
- Then click login.
- Note that the user will be able to enter into the username account after log in by your post key but any username
- Note that this issue is the same for SteemApp Stable v1.0.3
Browser/App version: SteemApp Beta v2.0.3
Operating system: Android 7.1.2 N2G47H
Recording Of The Bug
Proof of Work Done
- My GitHub account - GITHUB
- The issue has been reported here: https://github.com/BoomApps-LLC/SteemApp-Android/issues/20
upvote for me please? https://steemit.com/news/@bible.com/2sysip
@kr-nahid you were flagged by a worthless gang of trolls, so, I gave you an upvote to counteract it! Enjoy!!
sir g really great post Keep it up