The security team identified that the SSL Pinning mechanism is not robust enough. Dynamic tests have shown that it is possible to bypass this restriction using standard instrumentation tools (such as Frida or Objection) on a controlled terminal, allowing the inspection of encrypted streams.
Hey @aissa bourahla, thanks for posting this. As this relates to SSL Pinning Plugin and potential security concerns, can you please reach out to OutSystems support and share all information you can with them, in order to address this situation?
Thanks!