Neon · Neon · CVE-2018-5258
**Name of the Vulnerable Software and Affected Versions**
Neon app version 1.6.14
**Description**
The issue allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate because the app does not verify X.509 certificates from SSL servers.
**Recommendations**
For Neon app version 1.6.14, update to a version that properly verifies X.509 certificates to prevent server spoofing.