TimeDoctor Pro 1.4.72.3 Insecure Transport

TimeDoctor autoupdate feature downloads and executes files over plain HTTP and doesn’t perform any check with the files. An attacker with MITM capabilities (i.e., when user connects to a public wifi) could override the Timedoctor subdomain and then execute custom binaries on the machine where the application is running.

Leave a Reply