PT-2017-11764 · Heinekingmedia · Stashcat
Karsten König · Published 2017-08-01 · Updated 2019-10-03 · CVE-2017-11130
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
heinekingmedia StashCat versions 1.7.5 and earlier for Android
heinekingmedia StashCat versions 0.0.80w and earlier for Web
heinekingmedia StashCat versions 0.0.86 and earlier for Desktop
Description
The issue concerns the product's protocol, which only ensures confidentiality but lacks integrity and authenticity checks. This allows man-in-the-middle attackers to conduct replay attacks.
Recommendations
For heinekingmedia StashCat versions 1.7.5 and earlier for Android, update to a version that includes integrity and authenticity checks in its protocol.
For heinekingmedia StashCat versions 0.0.80w and earlier for Web, update to a version that includes integrity and authenticity checks in its protocol.
For heinekingmedia StashCat versions 0.0.86 and earlier for Desktop, update to a version that includes integrity and authenticity checks in its protocol.
Fix
Insufficient Verification of Data Authenticity
Weakness Enumeration
Related identifiers
Affected products
Stashcat