exploitDog

GHSA-xxf4-9wwx-fqpj

Опубликовано: 17 мая 2022

Источник: github

Github: Не прошло ревью

Описание

The Alfa-Bank (aka ru.alfabank.mobile.android) application 5.5.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

The Alfa-Bank (aka ru.alfabank.mobile.android) application 5.5.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Ссылки

EPSS

Процентиль: 10%

0.00036

Низкий

CVE ID

Связанные уязвимости

CVE-2014-6731

nvd

почти 11 лет назад

The Alfa-Bank (aka ru.alfabank.mobile.android) application 5.5.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

EPSS

Процентиль: 10%

0.00036

Низкий

CVE ID