Reo Yoshida

**Name of the Vulnerable Software and Affected Versions** Mizuho Direct App for Android versions 3.13.0 and earlier **Description** The issue allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, as the app does not verify server certificates. **Recommendations** For versions 3.13.0 and earlier, update to a version that verifies server certificates to prevent man-in-the-middle attacks.

**Name of the Vulnerable Software and Affected Versions** The Bank of Tokyo-Mitsubishi UFJ, Ltd. App for Android versions 5.3.1, 5.2.2 and earlier **Description** The issue allows a man-in-the-middle attacker to downgrade the communication between the app and the server from TLS v1.2 to SSL v3.0, potentially enabling the attacker to eavesdrop on an encrypted communication. **Recommendations** For versions 5.3.1, 5.2.2 and earlier, update the app to a version that enforces TLS v1.2 or later for communication with the server to prevent downgrade attacks.