CVE-2014-3908 in Amazon Kindle App
Summary
The Amazon.com Kindle application before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Reservation
05/27/2014
Disclosure
08/30/2014
Entries
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerability | CWE | Exp | Cou | CVE |
|---|---|---|---|---|---|
| 67433 | Amazon Kindle App SSL Certificate cryptographic issue | 310 | Unproven | Official fix | CVE-2014-3908 |