PT-2018-17301 · Tinder · Tinder Android App+1

Erez Yalon

Publicado

2018-01-24

Atualizado

2019-10-03

CVE-2018-6018

CVSS v2.0

6.4

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Tinder iOS app (affected versions not specified) Tinder Android app (affected versions not specified)

Description The issue allows an attacker to extract private sensitive information by sniffing network traffic due to fixed sizes of HTTPS responses.

Recommendations For Tinder iOS app, update to a version that includes a fix for this issue, if available. For Tinder Android app, update to a version that includes a fix for this issue, if available. As a temporary workaround, consider using a virtual private network (VPN) to encrypt network traffic and minimize the risk of exploitation.

Correção

Cleartext Transmission of Sensitive Information

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-319

Identificadores relacionados

CVE-2018-6018

Produtos afetados

Tinder Android App

Tinder Ios App

PT-2018-17301 · Tinder · Tinder Android App+1

CVE-2018-6018

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3