PT-2017-6604 · Restkit · Restkit
Dstufftopen
·
Publicado
2017-08-09
·
Atualizado
2022-05-17
·
CVE-2015-2674
CVSS v3.1
5.9
Média
| Vetor | AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Restkit (affected versions not specified)
Description
The issue allows man-in-the-middle attackers to spoof TLS servers by leveraging the use of the
ssl.wrap socket function in Python with the default CERT NONE value for the cert reqs argument. This enables attackers to intercept and alter communication between the client and server.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Certificate Validation
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Restkit