CVE-2020-5523

Name of the Vulnerable Software and Affected Versions MyPallete (affected versions not specified) Some Android banking applications based on MyPallete (affected versions not specified)

Description The issue concerns the failure to verify X.509 certificates from servers and improper validation of certificates with host-mismatch. This allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Recommendations For MyPallete, ensure proper validation of X.509 certificates from servers and implement host-mismatch checks to prevent man-in-the-middle attacks. For Android banking applications based on MyPallete, consider disabling or restricting the use of the vulnerable certificate validation mechanism until a proper fix is implemented. As a temporary workaround, restrict access to sensitive information and consider using additional security measures to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.