Vulnerability updated a month ago (2024-11-29T14:13:14.652Z)
CVE-2023-28153 is a vulnerability in Kiddoware's "Kids Place" application that allows a child user to temporarily remove all restrictions without the parent noticing. The flaw stems from weak password security practices: passwords are stored as MD5 hashes. If Android settings are blocked, the vulnerability can additionally be exploited by rebooting into Android Safe Mode.
The proof of concept for this vulnerability involves sending an HTTP request to change the password and receiving an MD5 hash of the password as a response. Once a child user gains access to the account, they can disable app restrictions without the parent's knowledge by following specific steps, including rebooting into Android Safe Mode.
This vulnerability poses a significant risk to parents who rely on "Kids Place" to restrict their children's device usage. If exploited, it could lead to unintended exposure to inappropriate content, online predators, and addiction to technology. To mitigate this vulnerability, Kiddoware should update its password storage mechanism and implement stronger password policies, among other security measures.
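One way the recommended change to password storage could look, shown as an added example that is not Kiddoware's code: the unsalted MD5 scheme described above next to a salted scrypt record, with legacy hashes upgraded at the next successful login. The function names, record format, cost parameters and sample password are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
from typing import Tuple

# scrypt cost parameters (assumed values for this example)
N, R, P, DKLEN = 2**14, 8, 1, 32


def legacy_md5(password: str) -> str:
    """Weak scheme from the description: unsalted MD5 hex digest.
    The same password always yields the same stored value."""
    return hashlib.md5(password.encode()).hexdigest()


def scrypt_record(password: str) -> str:
    """Hardened scheme: random per-record salt plus a memory-hard KDF."""
    salt = os.urandom(16)
    dk = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=DKLEN)
    return "scrypt$" + salt.hex() + "$" + dk.hex()


def verify(password: str, stored: str) -> Tuple[bool, str]:
    """Return (ok, record_to_store).

    A legacy MD5 record is replaced by a scrypt record after a successful
    check, so the weak hash disappears from storage over time. The record
    stays server-side and is never echoed back in a response.
    """
    if stored.startswith("scrypt$"):
        _, salt_hex, dk_hex = stored.split("$")
        dk = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                            n=N, r=R, p=P, dklen=DKLEN)
        return hmac.compare_digest(dk.hex(), dk_hex), stored
    # Legacy path: constant-time comparison, then upgrade on success.
    ok = hmac.compare_digest(legacy_md5(password), stored)
    return ok, (scrypt_record(password) if ok else stored)


if __name__ == "__main__":
    old = legacy_md5("1234")            # constructed sample password
    print("legacy record :", old)
    ok, upgraded = verify("1234", old)
    print("login ok      :", ok)
    print("upgraded to   :", upgraded.split("$")[0])
```
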
Description last updated: 2023-06-13T16:19:43.024Z