PT-2017-18099 · Foxit · Foxit Pdf

Published: 2017-05-05 · Updated: 2017-05-17 · CVE-2017-8059

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Foxit PDF - PDF reader, editor, form, signature versions prior to 5.4

Description: The issue allows a man-in-the-middle and/or physically proximate attacker to silently intercept login information, including username and password, as well as the static authentication token if the user is already logged in, due to the acceptance of invalid or self-signed TLS certificates.

Recommendations: For versions prior to 5.4, update to version 5.4 or later to resolve the issue. As a temporary workaround, consider disabling the use of TLS certificates until a patch is available. Restrict access to sensitive information when using the affected application to minimize the risk of exploitation.

Fix

Improper Certificate Validation

Weakness Enumeration

Related Identifiers

CVE-2017-8059

Affected Products

Foxit Pdf