
Dear Support Team,

We are planning to use Open Foris Arena Mobile on Android in our environment. As we work in an administrative network, we are obliged to have the app tested and approved by the responsible CISO.

Now the test report has come back with the feedback that the app is not approved. We can safely ignore many of the comments. However, when reviewing the audit report in the OWASP summary (pages 5 and 6), we noticed points M6 and M9. These state that there is a hard-coded backdoor in the application that allows a user to gain full access to the smartphone. Understandably, this is not allowed for IT security reasons.

Are you aware of this backdoor? What can we do to close this vulnerability?

I would love to hear from you. You can download the report here: https://ldi-safe.rlp.de/index.php/s/ocJRCn6kNBXfXfd.

Best regards, Markus Klein

asked 20 Mar, 14:29

mklein


Dear Markus,
We will contact you at your private email address to better understand this issue and to get access to the report (the link doesn't work).
Many thanks,
Open Foris Team

answered 20 Mar, 15:26

Stefano (OF) ♦♦

Sorry, here is the correct link... https://ldi-safe.rlp.de/index.php/s/ocJRCn6kNBXfXfd

answered 20 Mar, 15:38

mklein

question asked: 20 Mar, 14:29

question was seen: 195 times

last updated: 20 Mar, 15:38