In theory, this may not count as a vulnerability; rather, Mi chat does not handle this issue rigorously enough. Wi-Fi phishing is a hot trend right now, so it deserves attention.
Login authentication and address book transmission are both protected by only a single pass of MD5, which can be captured and used in public Wi-Fi environments.
Detailed description:
As we all know, MD5 is nearly equivalent to plain text. Mi chat uses it for login verification, and even the address book is transmitted with only simple MD5 encryption, which is not enough for transmission security. An attacker can capture packets in a Wi-Fi environment to obtain the login ID, password, and the corresponding address book.
In this regard, we have done a good job.
Proof of vulnerability:
Solution:
1. Log on either through SSL or by changing the encryption algorithm.
2. Address Book, you know.
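An added example, not part of the original report or Mi chat's code, illustrating the "changing the encryption algorithm" option in solution 1: a static MD5 token verifies identically every time it is presented, while a single-use server nonce with HMAC-SHA256 rejects a response the server has already seen. All names, the sample password, and the PBKDF2 parameters are assumptions.

```python
import hashlib
import hmac
import secrets

PASSWORD = "correct horse battery"  # constructed sample credential
STORED_MD5 = hashlib.md5(PASSWORD.encode()).hexdigest()


def weak_token(password: str) -> str:
    """Scheme the report describes: one unsalted MD5 pass, sent as-is."""
    return hashlib.md5(password.encode()).hexdigest()


def weak_verify(token: str) -> bool:
    # The token is identical on every login, so the server cannot tell a
    # fresh login from a copy of an earlier one.
    return hmac.compare_digest(token, STORED_MD5)


def derive_key(password: str, salt: bytes) -> bytes:
    # Salted, slow derivation replaces the bare MD5 (hypothetical parameters).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def client_response(key: bytes, nonce: bytes) -> str:
    return hmac.new(key, nonce, hashlib.sha256).hexdigest()


class ChallengeServer:
    """Hypothetical replacement: single-use server nonce + HMAC-SHA256."""

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._pending = set()

    def new_challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: str) -> bool:
        if nonce not in self._pending:
            return False  # unknown or already-consumed nonce
        self._pending.discard(nonce)
        return hmac.compare_digest(response, client_response(self._key, nonce))
```

The derived key is still a password-equivalent that the server has to store, and this exchange does not encrypt the address book, so the SSL option in solution 1 remains necessary for confidentiality.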
For more information, see
Author ReJeCt