Description
The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate.
References
- https://nvd.nist.gov/vuln/detail/CVE-2010-4211
- https://exchange.xforce.ibmcloud.com/vulnerabilities/63002
- http://itunes.apple.com/us/app/paypal/id283646709
- http://news.cnet.com/8301-27080_3-20021730-245.html
- http://online.wsj.com/article/SB10001424052748703506904575592782874885808.html
- http://viaforensics.com/press-releases/viaforensics-uncovers-paypal-application-vulnerability.html
- http://viaforensics.com/security/viaforensics-uncovers-significant-vulnerability-paypal-iphone.html
- http://www.securityfocus.com/bid/44657
- http://www.vupen.com/english/advisories/2010/2887
Related vulnerabilities
nvd
about 15 years ago
The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate.