PT-2018-17301 · Tinder · Tinder Android App+1

Erez Yalon

Published

2018-01-24

Updated

2019-10-03

CVE-2018-6018

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Tinder iOS app (affected versions not specified) Tinder Android app (affected versions not specified)

Description The issue allows an attacker to extract private sensitive information by sniffing network traffic due to fixed sizes of HTTPS responses.

Recommendations For Tinder iOS app, update to a version that includes a fix for this issue, if available. For Tinder Android app, update to a version that includes a fix for this issue, if available. As a temporary workaround, consider using a virtual private network (VPN) to encrypt network traffic and minimize the risk of exploitation.

Fix

Cleartext Transmission of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-319

Related Identifiers

CVE-2018-6018

Affected Products

Tinder Android App

Tinder Ios App

PT-2018-17301 · Tinder · Tinder Android App+1

CVE-2018-6018

Weakness Enumeration

Related Identifiers

Affected Products

References · 3