PT-2020-18501 · Awms · Awms Mobile App

Published: 2020-01-31 · Updated: 2020-02-10 · CVE-2020-5526

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

AWMS Mobile App for Android versions 2.0.0 through 2.0.5
AWMS Mobile App for iOS versions 2.0.0 through 2.0.8

Description

The issue allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate because the app does not verify X.509 certificates from servers.

Recommendations

For Android versions 2.0.0 through 2.0.5, update the app to a version that verifies X.509 certificates from servers.
For iOS versions 2.0.0 through 2.0.8, update the app to a version that verifies X.509 certificates from servers.

Fix

Improper Certificate Validation

Weakness Enumeration

Related Identifiers

CVE-2020-5526

Affected Products

Awms Mobile App