PT-2017-15700 · Flash Seats · Flash Seats Mobile App For Android+1

Ronjor

Published

2017-12-15

Updated

2019-10-09

CVE-2017-3190

CVSS v3.1

7.5

High

Vector

AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Flash Seats Mobile App for Android versions 1.7.9 and earlier Flash Seats Mobile App for iOS versions 1.9.51 and earlier

Description The issue is related to the failure of the Flash Seats Mobile App to properly validate SSL certificates provided by HTTPS connections. This failure may enable an attacker to conduct man-in-the-middle (MITM) attacks.

Recommendations For Android versions 1.7.9 and earlier, update to a version that properly validates SSL certificates. For iOS versions 1.9.51 and earlier, update to a version that properly validates SSL certificates.

Fix

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-295

Related Identifiers

CVE-2017-3190

Affected Products

Flash Seats Mobile App For Android

Flash Seats Mobile App For Ios

PT-2017-15700 · Flash Seats · Flash Seats Mobile App For Android+1

CVE-2017-3190

Weakness Enumeration

Related Identifiers

Affected Products

References · 5