PT-2017-8535 · Dmmfx+1 · Dmmfx Trade+2
Gaku Taniguchi
·
Published
2017-04-20
·
Updated
2017-04-26
·
CVE-2016-4818
CVSS v3.1
5.9
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
DMMFX Trade for Android versions 1.5.0 and earlier
DMMFX DEMO Trade for Android versions 1.5.0 and earlier
GAITAMEJAPAN FX Trade for Android versions 1.4.0 and earlier
Description
The issue is related to the failure to verify SSL certificates. This could potentially allow for man-in-the-middle attacks.
Recommendations
For DMMFX Trade for Android versions 1.5.0 and earlier, update to a version that properly verifies SSL certificates.
For DMMFX DEMO Trade for Android versions 1.5.0 and earlier, update to a version that properly verifies SSL certificates.
For GAITAMEJAPAN FX Trade for Android versions 1.4.0 and earlier, update to a version that properly verifies SSL certificates.
Fix
Improper Certificate Validation
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dmmfx Demo Trade
Dmmfx Trade
Gaitamejapan Fx Trade