Mobile Knowledge's TaxiHail is vulnerable to information disclosure and missing encryption of sensitive data.
The Mobile Knowledge TaxiHail framework "allows passengers to book and manage their own reservations via iOS, android or the web in real-time, alleviating call congestion during peak busy hours."
TaxiHail prior to version 3.1.26 has been reported vulnerable to the following issues:
An unauthenticated remote attacker may be able to gain private knowledge of the app user, and sniff network traffic from the app.
Apply an update
Thanks to the Shaftek Security Research Team for reporting this vulnerability.
This document was written by Garret Wassermann.
|Date First Published:||2015-12-08|
|Date Last Updated:||2015-12-08 15:38 UTC|