PT-2012-6122 · JPMorgan Chase · Chase Mobile Banking Application

Published: 2012-11-04 · Updated: 2024-02-14 · CVE-2012-5810

CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Chase mobile banking application for Android (affected versions not specified)

Description: The application does not verify that the server hostname matches a domain name in the X.509 certificate's Common Name (CN) or subjectAltName field. Because the application overrides the default X509TrustManager, man-in-the-middle attackers can spoof SSL servers using any valid certificate. It is noted that this issue was fixed in the summer of 2012.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
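
The weakness class described above, as an added example that is not the application's code and not part of the original advisory: an overriding X509TrustManager shown for contrast beside validation that keeps the platform trust managers and enforces the hostname check. The class and method names are hypothetical, and the code assumes standard JSSE on Java 7 or later.

```java
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class TlsValidationExample {

    // Weak pattern, for contrast only (hypothetical, not the app's code):
    // replacing the default trust manager with one whose checks do nothing
    // removes certificate validation for every connection that uses it.
    static final class PermissiveTrustManager implements X509TrustManager {
        @Override public void checkClientTrusted(X509Certificate[] chain, String authType) { }
        @Override public void checkServerTrusted(X509Certificate[] chain, String authType) { }
        @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    }

    // Hardened: build the context from the platform's default trust managers.
    static SSLContext defaultValidatingContext() throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the platform trust store
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Hardened: a raw SSLSocket does no hostname check unless asked to, so
    // request HTTPS endpoint identification (CN/subjectAltName vs. host).
    static SSLSocket connect(String host, int port) throws Exception {
        SSLSocket s = (SSLSocket) defaultValidatingContext()
            .getSocketFactory().createSocket(host, port);
        SSLParameters params = s.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        s.setSSLParameters(params);
        s.startHandshake(); // throws on an untrusted chain or hostname mismatch
        return s;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) { System.out.println("usage: TlsValidationExample <host>"); return; }
        try (SSLSocket s = connect(args[0], 443)) {
            System.out.println("Validated peer: " + s.getSession().getPeerPrincipal());
        }
    }
}
```

In code review, any class implementing X509TrustManager or HostnameVerifier with empty or always-true methods is the pattern to flag.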

Exploit

Weakness Enumeration: Improper Certificate Validation

Related Identifiers: CVE-2012-5810

Affected Products: Chase Mobile Banking Application