Google · Android · CVE-2020-5523
**Name of the Vulnerable Software and Affected Versions**
MyPallete (affected versions not specified)
Some Android banking applications based on MyPallete (affected versions not specified)
**Description**
The software fails to verify X.509 certificates presented by servers and does not properly validate certificates whose host name does not match the server (host-mismatch). This allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
**Recommendations**
For MyPallete, ensure proper validation of X.509 certificates from servers and implement host-mismatch checks to prevent man-in-the-middle attacks.
For Android banking applications based on MyPallete, consider disabling or restricting the use of the vulnerable certificate validation mechanism until a proper fix is implemented.
As a temporary workaround, restrict access to sensitive information and consider using additional security measures to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
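The first recommendation, shown as an added example for an Android client (not code from MyPallete or from any affected application): a TLS socket helper that keeps the default certificate chain validation and switches on host name checking. The class and method names are hypothetical, `example.com` is a placeholder host, and Android API level 24 or later (or a standard JVM) is assumed for `setEndpointIdentificationAlgorithm`.

```java
import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/** Added example: TLS client socket with both server checks enforced. */
public final class VerifiedTlsSocket {

    // Anti-patterns behind this class of flaw (generic, not MyPallete code):
    //   - an X509TrustManager whose checkServerTrusted() never throws
    //   - a HostnameVerifier whose verify() always returns true
    // This class installs neither and relies on the platform defaults.

    public static SSLSocket connect(String host, int port) throws IOException {
        // Default factory: the server chain is validated against the
        // platform's default trust anchors during the handshake.
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        try {
            // A raw SSLSocket does not compare the certificate with the host
            // name unless endpoint identification is switched on.
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);
            socket.setSoTimeout(10_000);
            // Fails with an SSLException if the chain is untrusted or the
            // certificate's names do not cover `host`.
            socket.startHandshake();
            return socket;
        } catch (IOException | RuntimeException e) {
            socket.close(); // never hand back a half-verified connection
            throw e;
        }
    }

    public static void main(String[] args) throws IOException {
        // example.com is a placeholder host for a manual run.
        String host = args.length > 0 ? args[0] : "example.com";
        try (SSLSocket s = connect(host, 443)) {
            Certificate leaf = s.getSession().getPeerCertificates()[0];
            System.out.println(((X509Certificate) leaf).getSubjectX500Principal());
        }
    }
}
```

`HttpsURLConnection` performs both checks on its own as long as the application does not replace its `SSLSocketFactory` or `HostnameVerifier`; the explicit step above matters when code opens an `SSLSocket` directly.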