- Feb 4, 2016
- 2,520
A vulnerability in the Sky Go Windows desktop application which leaks session data including usernames has been disclosed by a researcher.
According to application security expert Sean Wright, the security flaw, CVE-2018-18908, relates to the transfer of data in plain text.
The desktop application performs several requests over plain HTTP. Without any form of encryption in place, any information sent via these requests is not hashed or protected, leaving users open to attack.