PT-2018-9516 · Subsonic · Dsub For Subsonic

Published: 2018-09-06 · Updated: 2018-12-12 · CVE-2018-1000664

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

DSub for Subsonic (Android client) version 5.4.1

Description

The issue concerns improper certificate validation in the HTTPS client, which allows any non-CA-signed server certificate, including self-signed and expired certificates, to be accepted by the client. This can be exploited when the victim connects to a server whose traffic is being intercepted or proxied by an attacker (MITM).

Recommendations

For DSub for Subsonic (Android client) version 5.4.1, consider disabling the HTTPS client functionality until a patch is available that properly validates server certificates. Restrict connections to only trusted servers to minimize the risk of exploitation.

Fix

Improper Certificate Validation

Weakness Enumeration

Related identifiers

CVE-2018-1000664

Affected products

Dsub For Subsonic