CVE-2014-6659

Name of the Vulnerable Software and Affected Versions Defence.pk (aka com.tapatalk.defencepkforums) version 2.4.13.1

Description The application does not verify X.509 certificates from SSL servers. This allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Recommendations For version 2.4.13.1, consider disabling the application's SSL connection feature until a patch is available that properly verifies X.509 certificates. Restrict access to sensitive information within the application to minimize the risk of exploitation.