PT-2017-6604 · Restkit · Restkit

Dstufftopen

Published

2017-08-09

Updated

2022-05-17

CVE-2015-2674

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Restkit (affected versions not specified)

Description The issue allows man-in-the-middle attackers to spoof TLS servers by leveraging the use of the ssl.wrap socket function in Python with the default CERT NONE value for the cert reqs argument. This enables attackers to intercept and alter communication between the client and server.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-295

Related Identifiers

CVE-2015-2674

GHSA-P9CV-HRXR-FXX8

PYSEC-2017-69

Affected Products

Restkit

PT-2017-6604 · Restkit · Restkit

CVE-2015-2674

Weakness Enumeration

Related Identifiers

Affected Products

References · 11