PT-2020-9803 · Unknown · Nutfind.Com
Published
2020-06-12
·
Updated
2020-06-22
·
CVE-2019-16252
CVSS v3.1
5.9
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Nutfind.com application versions 3.9.12 and earlier
Description
The issue allows a man-in-the-middle attacker to sniff and manipulate all API requests, including login credentials and location data, due to missing SSL Certificate Validation in the Nutfind.com application.
Recommendations
For versions 3.9.12 and earlier, update to a version that includes SSL Certificate Validation to prevent man-in-the-middle attacks. As a temporary workaround, consider restricting access to sensitive data until a patch is available.
Fix
Improper Certificate Validation
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nutfind.Com