PT-2017-15706 · Space Coast Credit Union · Space Coast Credit Union Mobile App

Will Strafach

Published

2017-05-05

Updated

2020-06-24

CVE-2017-3212

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Space Coast Credit Union Mobile app version 2.2 for iOS Space Coast Credit Union Mobile app version 2.1.0.1104 for Android

Description The issue allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, as the app does not verify X.509 certificates from SSL servers.

Recommendations For version 2.2 on iOS, update the app to a version that properly verifies X.509 certificates. For version 2.1.0.1104 on Android, update the app to a version that properly verifies X.509 certificates.

Fix

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-295

Related Identifiers

CVE-2017-3212

Affected Products

Space Coast Credit Union Mobile App

PT-2017-15706 · Space Coast Credit Union · Space Coast Credit Union Mobile App

CVE-2017-3212

Weakness Enumeration

Related Identifiers

Affected Products

References · 5