TechNewsHeaven {{}}

Insecure RSA Conference app leaked attendee data
2018-04-20T17:46:04+00:00 - Sean Gallagher / Ars Technica
A mobile application built by a third party for the RSA security conference in San Francisco this week was found to have a few security issues of its own—including hard-coded security keys and passwords that allowed a researcher to extract the conference's attendee list. The vulnerability was discovered (at least publicly) by a security engineer who tweeted discoveries during an examination of the RSA conference mobile app, which was developed by Eventbase Technology. Within four hours of the disclosure, Eventbase had fixed the data leak—an API call that allowed anyone to download data with attendee information. While the SQLite database downloaded was encrypted, another API call provided that key. This is the second time an RSA mobile application has leaked attendee data.

Your favorite news

Popular news

Recommended news