PT-2017-9363 · Bank Of Tokyo Mitsubishi Ufj · The Bank Of Tokyo-Mitsubishi Ufj

Reo Yoshida

Publicado

2017-08-02

Atualizado

2017-08-07

CVE-2016-7812

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions The Bank of Tokyo-Mitsubishi UFJ, Ltd. App for Android versions 5.3.1, 5.2.2 and earlier

Description The issue allows a man-in-the-middle attacker to downgrade the communication between the app and the server from TLS v1.2 to SSL v3.0, potentially enabling the attacker to eavesdrop on an encrypted communication.

Recommendations For versions 5.3.1, 5.2.2 and earlier, update the app to a version that enforces TLS v1.2 or later for communication with the server to prevent downgrade attacks.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-310

Identificadores relacionados

CVE-2016-7812

Produtos afetados

The Bank Of Tokyo-Mitsubishi Ufj

PT-2017-9363 · Bank Of Tokyo Mitsubishi Ufj · The Bank Of Tokyo-Mitsubishi Ufj

CVE-2016-7812

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4