PT-2023-18851 · Selfwealth · Selfwealth Ios Mobile App

L00Neyhacker

Publicado

2023-02-01

Atualizado

2023-02-08

CVE-2023-23131

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Selfwealth iOS mobile App version 3.3.1

Description The issue concerns Insecure App Transport Security (ATS) Settings in the Selfwealth iOS mobile App. This means the app may not properly secure its communication, potentially allowing for interception or eavesdropping of sensitive data.

Recommendations For Selfwealth iOS mobile App version 3.3.1, consider updating the app's transport security settings to ensure all communications are properly encrypted and secure. As a temporary workaround, restrict the use of the app on unsecured networks until a more secure version is available.

Exploit

Correção

Improper Certificate Validation

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-295

Identificadores relacionados

CVE-2023-23131

Produtos afetados

Selfwealth Ios Mobile App

PT-2023-18851 · Selfwealth · Selfwealth Ios Mobile App

CVE-2023-23131

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5