PT-2017-9363 · Bank Of Tokyo Mitsubishi Ufj · The Bank Of Tokyo-Mitsubishi Ufj

Reo Yoshida · Published 2017-08-02 · Updated 2017-08-07 · CVE-2016-7812

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

The Bank of Tokyo-Mitsubishi UFJ, Ltd. App for Android versions 5.3.1, 5.2.2 and earlier

Description

The issue allows a man-in-the-middle attacker to downgrade the communication between the app and the server from TLS v1.2 to SSL v3.0, potentially enabling the attacker to eavesdrop on the encrypted communication.

Recommendations

For versions 5.3.1, 5.2.2 and earlier, update the app to a version that enforces TLS v1.2 or later for communication with the server to prevent downgrade attacks.
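
A defender-side check for the downgrade described above, added here as an example (it is not code from the app or from this advisory): it reads the selected protocol version out of a captured ServerHello record and flags anything below TLS v1.2. The function names and the sample records are constructed for illustration.

```python
import struct

# Wire values of the protocol versions relevant to this advisory.
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
MIN_ACCEPTABLE = 0x0303  # TLS 1.2 (a TLS 1.3 ServerHello also carries 0x0303 here)


def server_hello_version(record: bytes) -> int:
    """Return the server_version field of a raw record holding a ServerHello."""
    if len(record) < 11:  # 5-byte record header + 4-byte handshake header + version
        raise ValueError("too short to contain a ServerHello version")
    content_type, _record_version, record_len = struct.unpack("!BHH", record[:5])
    if content_type != 0x16:
        raise ValueError("not a handshake record")
    body = record[5:5 + record_len]
    if len(body) < 6 or body[0] != 0x02:
        raise ValueError("handshake message is not a complete ServerHello")
    return struct.unpack("!H", body[4:6])[0]


def classify(record: bytes) -> tuple:
    """Return (protocol name, acceptable) for the version the server selected."""
    version = server_hello_version(record)
    return VERSIONS.get(version, f"unknown 0x{version:04x}"), version >= MIN_ACCEPTABLE


def sample_server_hello(version: int) -> bytes:
    """Build a minimal, constructed ServerHello record for the given version."""
    hello = struct.pack("!H", version) + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 0x16, version, len(handshake)) + handshake


if __name__ == "__main__":
    for v in (0x0303, 0x0300):  # expected version, then the downgraded one
        name, ok = classify(sample_server_hello(v))
        print(f"server selected {name}: {'ok' if ok else 'REJECT, below TLS 1.2'}")
```
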

Related Identifiers

CVE-2016-7812

Affected Products

The Bank Of Tokyo-Mitsubishi Ufj