PT-2018-5480 · Hi Security · Hi Security Virus Cleaner - Antivirus

Published

2018-08-15

Updated

2019-10-09

CVE-2017-13105

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Hi Security Virus Cleaner - Antivirus, Booster version 3.7.1.1329

Description: The Android application accepts all SSL certificates during SSL communication, making it susceptible to a man-in-the-middle attack. This allows an attacker to intercept and read all of the application's encrypted traffic.

Recommendations: For version 3.7.1.1329, consider disabling SSL communication until a patch is available that properly validates SSL certificates to prevent man-in-the-middle attacks. Restrict access to sensitive data exchanged by the application to minimize the risk of exploitation.

Fix

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-295

Related Identifiers

CVE-2017-13105

Affected Products

Hi Security Virus Cleaner - Antivirus

PT-2018-5480 · Hi Security · Hi Security Virus Cleaner - Antivirus

CVE-2017-13105

Weakness Enumeration

Related Identifiers

Affected Products

References · 3