PT-2017-16758 · Banco De Costa Rica · Bcr Movil
Published
2017-05-05
·
Updated
2017-05-17
·
CVE-2017-5918
CVSS v3.1
5.9
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Banco de Costa Rica BCR Movil app version 3.7 for iOS
Description
The issue allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, as the app does not verify X.509 certificates from SSL servers.
Recommendations
For Banco de Costa Rica BCR Movil app version 3.7 for iOS, consider disabling the use of SSL connections until a patch is available that properly verifies X.509 certificates.
Fix
Improper Certificate Validation
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bcr Movil