port open on localhost
Description
The application has started servers listening on localhost. Access to the open port is not restricted, so other applications on the phone can reach it, which may be exploited to perform unauthorized actions.
Browser-based drive-by attacks and DNS rebinding are exploitation techniques that can be used to reach the open ports remotely.
Recommendation
Access to the port should be restricted to authorized applications only. It is also critical to ensure the server is free of vulnerabilities and does not expose any critical functionality.
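One way to apply this recommendation, as an added example that is not part of the original entry: a request gate for the loopback server that rejects DNS-rebinding and browser drive-by requests by header and requires a per-launch secret from local clients. The port number, function names and the bearer-token scheme are assumptions made for the illustration, and the logic is written in Python only to keep it platform-neutral.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Assumption: the embedded server listens on loopback port 8765 (constructed value).
ALLOWED_HOSTS = {"127.0.0.1:8765", "localhost:8765", "[::1]:8765"}

def new_session_token() -> str:
    """Per-launch secret, handed to the authorized client over a private channel."""
    return secrets.token_urlsafe(32)

def authorize(headers: dict, expected_token: str) -> tuple:
    """Return (allowed, reason) for a request that reached the loopback server."""
    h = {k.lower(): v.strip() for k, v in headers.items()}

    # DNS rebinding: the browser connects to 127.0.0.1 but still sends the
    # rebinding hostname in Host, so an exact allowlist rejects the request.
    if h.get("host", "").lower() not in ALLOWED_HOSTS:
        return False, "host not allowed"

    # Drive-by from a web page: browsers attach Origin to cross-origin
    # requests. Accept it only when it names this server ("null" is refused).
    origin = h.get("origin")
    if origin is not None and urlsplit(origin).netloc.lower() not in ALLOWED_HOSTS:
        return False, "origin not allowed"

    # Other apps on the device share loopback, so header checks are not
    # enough: require the secret, compared in constant time.
    scheme, _, token = h.get("authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not hmac.compare_digest(
        token.encode(), expected_token.encode()
    ):
        return False, "bad token"
    return True, "ok"

if __name__ == "__main__":
    tok = new_session_token()
    # Constructed sample requests, one per case the gate distinguishes.
    samples = [
        {"Host": "127.0.0.1:8765", "Authorization": "Bearer " + tok},
        {"Host": "rebind.example:8765", "Authorization": "Bearer " + tok},
        {"Host": "localhost:8765", "Origin": "https://page.example"},
        {"Host": "localhost:8765"},
    ]
    for req in samples:
        print(req.get("Host"), req.get("Origin"), authorize(req, tok))
```

The token only restricts access if the authorized client receives it through a channel other applications cannot read.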
Standards
- OWASP_MASVS_L1:
  - MSTG_NETWORK_1
  - MSTG_NETWORK_2
- OWASP_MASVS_L2:
  - MSTG_NETWORK_1
  - MSTG_NETWORK_2