CVE-2019-18800

Name of the Vulnerable Software and Affected Versions Viber versions through 11.7.0.5

Description The issue allows a remote attacker who can capture a victim's internet traffic to steal their Viber account. This is because not all Viber protocol traffic is encrypted. Specifically, TCP data packet 9 on port 4244 from the victim's device contains cleartext information such as the device model and OS version, IMSI, and 20 bytes of udid in a binary format, which is located at offset 0x14 of this packet. An attacker can exploit this by capturing the traffic, extracting the udid, and then using it to register the victim's phone number on their own device by modifying the viber udid file.

Recommendations For Viber versions through 11.7.0.5, as a temporary workaround, consider restricting access to the Viber protocol traffic to minimize the risk of exploitation. Additionally, users should be cautious when using public Wi-Fi networks to avoid potential traffic capture. At the moment, there is no information about a newer version that contains a fix for this vulnerability.