Pentest Report Cyph Messenger | BOT24


“Cyph is a revolutionary new secure messenger, created to defend the world from mass
surveillance. Cyph lets you talk in absolute confidence. Carefully designed using high-end
cryptography, Cyph protects your conversations against anything from nosy
neighbors to agencies armed with theoretical quantum attacks. Yet, Cyph remains
simple for anybody to use, and works on every device in one click — no installation or
registration required.”

This penetration test and source code audit against the Cyph codebase and
infrastructure was carried out by five testers of the Cure53 team. It took twelve days in total
to complete and yielded nine security vulnerabilities overall, as well as four general
weaknesses. Several of the identified issues were classified to be of critical severity. This
is due to the fact that an attacker could misuse these areas to compromise a server which is
of key importance for some features of the project. This means a capability to hinder
operational and functional value of the entire tool. It needs to be noted, however, that
three of the security vulnerabilities mentioned in this report (and that includes all of the
so-called “criticals”) resulted from the usage of insecure third-party software,
namely the TURN server project “Coturn”.


About Bradley Susser
