PT-2017-11764 · Heinekingmedia · Stashcat
Karsten König · Published 2017-08-01 · Updated 2019-10-03 · CVE-2017-11130
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
heinekingmedia StashCat versions 1.7.5 and earlier for Android
heinekingmedia StashCat versions 0.0.80w and earlier for Web
heinekingmedia StashCat versions 0.0.86 and earlier for Desktop
Description
The issue concerns the product's protocol, which only ensures confidentiality but lacks integrity and authenticity checks. This allows man-in-the-middle attackers to conduct replay attacks.
Recommendations
For heinekingmedia StashCat versions 1.7.5 and earlier for Android, update to a version that includes integrity and authenticity checks in its protocol.
For heinekingmedia StashCat versions 0.0.80w and earlier for Web, update to a version that includes integrity and authenticity checks in its protocol.
For heinekingmedia StashCat versions 0.0.86 and earlier for Desktop, update to a version that includes integrity and authenticity checks in its protocol.
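A generic sketch of the integrity, authenticity and replay checks the recommendations refer to, added here as an example; it is not Stashcat's protocol or the vendor's fix. It assumes a MAC key shared per direction, in-order delivery, and an 8-byte sequence number in front of the already-encrypted payload; all names and sample bytes are constructed for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 tag size in bytes

class RejectedFrame(Exception):
    """Raised when a frame fails the authenticity or freshness check."""

def seal(mac_key: bytes, seq: int, ciphertext: bytes) -> bytes:
    """Build a frame: 8-byte big-endian sequence number || ciphertext || tag."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag

class Receiver:
    """Accepts a frame only if its tag verifies and its sequence number is new."""

    def __init__(self, mac_key: bytes):
        self.mac_key = mac_key
        self.last_seq = -1  # highest sequence number accepted so far

    def open(self, frame: bytes) -> bytes:
        if len(frame) < 8 + TAG_LEN:
            raise RejectedFrame("frame too short")
        header, body, tag = frame[:8], frame[8:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.mac_key, header + body, hashlib.sha256).digest()
        # Constant-time comparison; verify the tag before trusting any field.
        if not hmac.compare_digest(tag, expected):
            raise RejectedFrame("authentication tag mismatch")
        (seq,) = struct.unpack(">Q", header)
        if seq <= self.last_seq:
            raise RejectedFrame("replayed or stale sequence number")
        self.last_seq = seq
        return body  # still ciphertext; decrypt only after these checks pass

def outcome(receiver: Receiver, frame: bytes) -> str:
    """Return 'accepted' or the rejection reason for one received frame."""
    try:
        receiver.open(frame)
        return "accepted"
    except RejectedFrame as exc:
        return str(exc)

def demo() -> list:
    key = bytes(range(32))                     # constructed demo key
    frame = seal(key, 1, b"\x8f\x02\xa1\x5c")  # constructed ciphertext bytes
    tampered = frame[:8] + bytes([frame[8] ^ 1]) + frame[9:]
    rx = Receiver(key)
    # Same frame delivered twice, then a frame with one ciphertext bit flipped.
    return [outcome(rx, frame), outcome(rx, frame), outcome(rx, tampered)]
```

A receiver that only decrypts would accept all three frames; here the second delivery fails the freshness check and the modified frame fails the tag check.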
Weakness Enumeration
Insufficient Verification of Data Authenticity
Related Identifiers
Affected Products
Stashcat