Shunsuke Taniguchi

Researcher fromLAC Co., Ltd.
#21525of 53,638
11.2Total CVSS
Vulnerabilities · 2
Medium
2
PT-2014-6407
5.4
2014-09-24
Yuko Yuko · Yuko Yuko · CVE-2014-5323
**Name of the Vulnerable Software and Affected Versions** Yuko Yuko (aka jp.co.yukoyuko.android.yukoyuko android) versions 1.0.5 and earlier **Description** The issue allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, as the application does not verify X.509 certificates from SSL servers. **Recommendations** For versions 1.0.5 and earlier, consider implementing certificate pinning or verifying X.509 certificates from SSL servers to prevent man-in-the-middle attacks. As a temporary workaround, restrict the application's access to sensitive information until a proper fix is applied.
PT-2013-4534
5.8
2013-06-10
Pizza Hut Japan · Pizza Hut Japan Official Order · CVE-2013-3641
**Name of the Vulnerable Software and Affected Versions** Pizza Hut Japan Official Order application versions prior to 1.1.1.a **Description** The issue allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate because the application does not verify X.509 certificates from SSL servers. **Recommendations** For versions prior to 1.1.1.a, update to version 1.1.1.a or later to resolve the issue.