PT-2010-5359 · Paypal · Paypal
Published
2010-11-08
·
Updated
2017-08-17
·
CVE-2010-4211
CVSS v2.0
2.9
Low
| Vector | AV:A/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
PayPal app version prior to 3.0.1 for iOS
Description
The issue concerns a failure to verify that the server hostname matches the domain name of the subject of an X.509 certificate. This allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate.
Recommendations
For versions prior to 3.0.1, update to version 3.0.1 or later to resolve the issue.
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Paypal