Dear Support Team, We are planning to use Open Foris Arena Mobile on Android in our environment. As we work in an administrative network, we are obliged to have the app tested and approved by the responsible CISO. Now the test report has come back with the feedback that the app is not approved. We can safely ignore many of the comments. However, when reviewing the audit report in the OWASP summary (pages 5 and 6), we noticed points M6 and M9. These state that there is a hard-coded backdoor in the application that allows a user to gain full access to the smartphone. Understandably, this is not allowed for IT security reasons. Are you aware of this backdoor? What can we do to close this vulnerability? I would love to hear from you. You can download the report here: https://ldi-safe.rlp.de/index.php/s/ocJRCn6kNBXfXfd. Best regards, Markus Klein asked 20 Mar, 14:29 mklein |
Dear Markus, answered 20 Mar, 15:26 Stefano (OF) ♦♦ |
Sorry, here is the correct link... https://ldi-safe.rlp.de/index.php/s/ocJRCn6kNBXfXfd answered 20 Mar, 15:38 mklein |