PT-2017-8535 · Dmmfx+1 · Dmmfx Trade+2
Gaku Taniguchi
·
Publicado
2017-04-20
·
Atualizado
2017-04-26
·
CVE-2016-4818
CVSS v3.1
5.9
Média
| Vetor | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
DMMFX Trade for Android versions 1.5.0 and earlier
DMMFX DEMO Trade for Android versions 1.5.0 and earlier
GAITAMEJAPAN FX Trade for Android versions 1.4.0 and earlier
Description
The issue is related to the failure to verify SSL certificates. This could potentially allow for man-in-the-middle attacks.
Recommendations
For DMMFX Trade for Android versions 1.5.0 and earlier, update to a version that properly verifies SSL certificates.
For DMMFX DEMO Trade for Android versions 1.5.0 and earlier, update to a version that properly verifies SSL certificates.
For GAITAMEJAPAN FX Trade for Android versions 1.4.0 and earlier, update to a version that properly verifies SSL certificates.
Correção
Improper Certificate Validation
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Dmmfx Demo Trade
Dmmfx Trade
Gaitamejapan Fx Trade