Summary
WeiboDialog.java unconditionally calls handler.proceed() in the onReceivedSslError callback. OAuth redirect carries access_token through unverified WebView. This allows any self-signed certificate to be accepted during OAuth login.
Impact
OAuth access tokens exposed to MITM via malicious WiFi or proxy. Attacker gains account access.
Remediation
Do not proceed on SSL errors. Display user warning or reject the connection. Full report available.
Summary
WeiboDialog.javaunconditionally callshandler.proceed()in theonReceivedSslErrorcallback. OAuth redirect carries access_token through unverified WebView. This allows any self-signed certificate to be accepted during OAuth login.Impact
OAuth access tokens exposed to MITM via malicious WiFi or proxy. Attacker gains account access.
Remediation
Do not proceed on SSL errors. Display user warning or reject the connection. Full report available.