Описание
The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEED TEST App for iOS version 2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Ссылки
- Broken LinkThird Party Advisory
- Third Party AdvisoryVDB Entry
- Broken LinkThird Party Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия до 2.0.3 (включая)
Одновременно
cpe:2.3:a:iid:rbb_speed_test:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
Конфигурация 2Версия до 2.1 (включая)
Одновременно
cpe:2.3:a:iid:rbb_speed_test:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
EPSS
Процентиль: 54%
0.00313
Низкий
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-295
Связанные уязвимости
CVSS3: 5.9
github
больше 3 лет назад
The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEED TEST App for iOS version 2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
EPSS
Процентиль: 54%
0.00313
Низкий
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-295