PT-2017-15700 · Flash Seats · Flash Seats Mobile App For Android+1

Ronjor

Publicado

2017-12-15

Atualizado

2019-10-09

CVE-2017-3190

CVSS v3.1

7.5

Alta

Vetor

AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Flash Seats Mobile App for Android versions 1.7.9 and earlier Flash Seats Mobile App for iOS versions 1.9.51 and earlier

Description The issue is related to the failure of the Flash Seats Mobile App to properly validate SSL certificates provided by HTTPS connections. This failure may enable an attacker to conduct man-in-the-middle (MITM) attacks.

Recommendations For Android versions 1.7.9 and earlier, update to a version that properly validates SSL certificates. For iOS versions 1.9.51 and earlier, update to a version that properly validates SSL certificates.

Correção

Improper Certificate Validation

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-295

Identificadores relacionados

CVE-2017-3190

Produtos afetados

Flash Seats Mobile App For Android

Flash Seats Mobile App For Ios

PT-2017-15700 · Flash Seats · Flash Seats Mobile App For Android+1

CVE-2017-3190

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5