• Welcome to the world's largest Chinese hacker forum

    Welcome to the world's largest Chinese hacker forum, our forum registration is open! You can now register for technical communication with us, this is a free and open to the world of the BBS, we founded the purpose for the study of network security, please don't release business of black/grey, or on the BBS posts, to seek help hacker if violations, we will permanently frozen your IP and account, thank you for your cooperation. Hacker attack and defense cracking or network Security

    business please click here: Creation Security  From CNHACKTEAM

WhatsApp以明文形式存储2FA的代码


Xinian

Recommended Posts

代码在拥有者拥有超级用户权限的设备上可见。


早在2017年,WhatsApp便采用了双重身份验证机制,旨在为数百万即时通讯用户提供更高级别的安全性。但是,如最近发现的那样,该机制的实现存在严重缺陷。

据 报道 在明确的双因素认证的Twitter用户,WhatsApp的店安全码(在iOS设备在/ var /移动/集装箱/数据 /应用/ WHATSAPP /库, 上的/数据/数据/应用程序/ COM Android的设备 。 whatsapp / shared_prefs / com.whatsapp_preferences.xml)。

带有代码的文本文件存储在沙箱中,因此其他应用程序无法访问它。此外,该文件的副本不会保存在常规WhatsApp备份中。另一方面,代码在所有者拥有超级用户权限的Android设备上可见。即,具有超级用户特权的应用程序可以访问代码文件。IOS可能也存在允许第三方应用程序访问文件的漏洞,因此WhatsApp开发人员应加密该文件,以避免可能的负面影响。

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now