CVE-2014-6023 in credit rating report
Сводка (Английский)
The s-peek credit rating report (aka com.rhomobile.speek) application 2.1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Резервировать
30.08.2014
Раскрытие
22.09.2014
Статус
Подтверждённый
Записи
VulDB provides additional information and datapoints for this CVE:
| ИД | Уязвимость | CWE | Экс | Кон | CVE |
|---|---|---|---|---|---|
| 71424 | s-peek credit rating report X.509 Certificate слабое шифрование | 310 | Не определено | Не определено | CVE-2014-6023 |