Catching authTokens in the wild - Universität Ulm

Note that this vulnerability is not limited to standard Android apps but pertains to any Android apps and also desktop applications that make use of Google services via the ClientLogin protocol over HTTP rather than HTTPS. For example, the Google Calendar provider for Thunderbird if Google Calendar URLs are used without leading "https". Collecting authTokens To collect such authTokens on a large

[kaito834]

2011年5月に発覚した ClientLogin Authentication Protocol における平文送信問題。「The attack is very similar to stealing session cookies of websites (Sidejacking). The feasibility of Sidejacking attacks against well-known websites such as Facebook or Twitter...」

[sippu]

Catching authTokens in the wild