The Bitdefender Research team analyzed the popular Android app Instapaper and found it can be vulnerable to man-in-the-middle attacks that could expose users’ signup/login credentials when they try to log in to their accounts. The vulnerability may have serious consequences, especially if users have the same password for more than one account, leaving them potentially vulnerable to intrusions.

Instapaper allows users to save and store articles for reading, particularly for when they’re offline, on the go, or simply don’t have access to the Internet. The application works by saving most web pages as text only and formatting their layout for tablets or phone screens. Everyone who wants to use the application is required to sign up and create an account to check out notes, liked articles or access other options.

However, the vulnerability lies not in the way the application fetches content, but in the way it implements (or in this case, doesn’t implement) certificate validation. Although the entire communication is handled via HTTPS, the app performs no certificate validation. If someone were to perform a man-in-the-middle attack, he could use a self-signed certificate and start “communicating” with the application. The application sets an SSLSocketFactory and uses a TrustManager without having any implementation for certificate validation.
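The missing validation described above, shown as an added illustration in Java rather than Instapaper's own code, which the article does not reproduce: an empty `X509TrustManager` beside the platform default, with a self-check showing that only the default refuses an invalid chain. The class and method names are hypothetical.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Hypothetical class and method names; not code from the Instapaper app.
public class TrustManagerCheck {
    // Anti-pattern: empty bodies never throw, so every chain is accepted,
    // including a self-signed certificate.
    static final class EmptyTrustManager implements X509TrustManager {
        @Override public void checkClientTrusted(X509Certificate[] chain, String authType) { }
        @Override public void checkServerTrusted(X509Certificate[] chain, String authType) { }
        @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    }

    // Corrected: the platform's default trust managers, which verify the
    // server chain against the system CA store.
    static TrustManager[] defaultTrustManagers() throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the default trust store
        return tmf.getTrustManagers();
    }

    // Builds the socket factory; its security depends entirely on the
    // trust managers passed in (empty ones above vs. the defaults).
    static SSLSocketFactory factory(TrustManager[] tms) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tms, null);
        return ctx.getSocketFactory();
    }

    // Returns true if the trust manager refuses an empty (invalid) chain.
    static boolean rejectsEmptyChain(X509TrustManager tm) {
        try {
            tm.checkServerTrusted(new X509Certificate[0], "RSA");
            return false;
        } catch (IllegalArgumentException | CertificateException e) {
            return true;
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("empty:   " + rejectsEmptyChain(new EmptyTrustManager()));
        System.out.println("default: " + rejectsEmptyChain((X509TrustManager) defaultTrustManagers()[0]));
    }
}
```

A raw socket from an `SSLSocketFactory` does not check the hostname on its own; `HttpsURLConnection` adds that check through its default `HostnameVerifier`.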