Описание
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. The product's protocol only tries to ensure confidentiality. In the whole protocol, no integrity or authenticity checks are done. Therefore man-in-the-middle attackers can conduct replay attacks.
Ссылки
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.7.5 (включая)
cpe:2.3:a:stashcat:heinekingmedia:*:*:*:*:*:android:*:*
Конфигурация 2Версия до 0.0.80w (включая)
cpe:2.3:a:stashcat:heinekingmedia:*:*:*:*:web:*:*:*
Конфигурация 3Версия до 0.0.86w (включая)
cpe:2.3:a:stashcat:heinekingmedia:*:*:*:*:desktop:*:*:*
EPSS
Процентиль: 37%
0.00156
Низкий
8.1 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-345
Связанные уязвимости
CVSS3: 8.1
github
больше 3 лет назад
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. The product's protocol only tries to ensure confidentiality. In the whole protocol, no integrity or authenticity checks are done. Therefore man-in-the-middle attackers can conduct replay attacks.
EPSS
Процентиль: 37%
0.00156
Низкий
8.1 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-345