Lukas Futera

Researcher fromCentralway Numbrs AG
#18119of 53,633
15Total CVSS
Vulnerabilities · 2
High
2
PT-2017-16738
7.5
2017-04-06
Unknown · Starscream · CVE-2017-5887
**Name of the Vulnerable Software and Affected Versions** Starscream versions prior to 2.0.4 **Description** The issue concerns an SSL Pinning bypass in the WebSocket.swift file. This bypass occurs because the pinning is done in the stream function, which is too late, as it should be done in the initStreamsWithData function. **Recommendations** For versions prior to 2.0.4, update to version 2.0.4 or later to resolve the issue.
PT-2017-17568
7.5
2017-04-06
Unknown · Starscream · CVE-2017-7192
**Name of the Vulnerable Software and Affected Versions** Starscream versions prior to 2.0.4 **Description** The issue arises from incorrect management of the `certValidated` variable in WebSocket.swift, allowing an SSL Pinning bypass. This occurs because the variable can be set to true but cannot be reset to false. **Recommendations** For versions prior to 2.0.4, update to version 2.0.4 or later to resolve the issue.