Summaryinfo

A vulnerability described as critical has been identified in Adways Party Track SDK up to 1.6.5 on iOS. This affects an unknown function of the component X.509 Certificate Chain Validation. The manipulation results in cryptographic issue. This vulnerability was named CVE-2015-5655. There is no available exploit. Upgrading the affected component is recommended.

Detailsinfo

A vulnerability was found in Adways Party Track SDK up to 1.6.5 on iOS (iOS App Software). It has been classified as critical. Affected is an unknown code block of the component X.509 Certificate Chain Validation. The manipulation with an unknown input leads to a cryptographic issue vulnerability. CWE is classifying the issue as CWE-310. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

The Adways Party Track SDK before 1.6.6 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

The weakness was presented 11/10/2015 (Website). The advisory is available at jvndb.jvn.jp. This vulnerability is traded as CVE-2015-5655 since 07/24/2015. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1600 by the MITRE ATT&CK project.

Upgrading to version 1.6.6 eliminates this vulnerability.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Productinfo

Type

• iOS App Software

Vendor

• Adways Party Track

Name

• SDK

Version

• 1.6.0
• 1.6.1
• 1.6.2
• 1.6.3
• 1.6.4
• 1.6.5

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion