PT-2017-15706 · Space Coast Credit Union · Space Coast Credit Union Mobile App

Will Strafach

Publicado

2017-05-05

Atualizado

2020-06-24

CVE-2017-3212

CVSS v3.1

5.9

Média

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Space Coast Credit Union Mobile app version 2.2 for iOS Space Coast Credit Union Mobile app version 2.1.0.1104 for Android

Description The issue allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, as the app does not verify X.509 certificates from SSL servers.

Recommendations For version 2.2 on iOS, update the app to a version that properly verifies X.509 certificates. For version 2.1.0.1104 on Android, update the app to a version that properly verifies X.509 certificates.

Correção

Improper Certificate Validation

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-295

Identificadores relacionados

CVE-2017-3212

Produtos afetados

Space Coast Credit Union Mobile App

PT-2017-15706 · Space Coast Credit Union · Space Coast Credit Union Mobile App

CVE-2017-3212

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5