Описание
Acceptance of invalid/self-signed TLS certificates in "Foxit PDF - PDF reader, editor, form, signature" before 5.4 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept login information (username/password), in addition to the static authentication token if the user is already logged in.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:foxitsoftware:foxit_pdf:5.2.1:*:*:*:*:iphone_os:*:*
cpe:2.3:a:foxitsoftware:foxit_pdf:5.3.2:*:*:*:*:iphone_os:*:*
EPSS
Процентиль: 1%
0.00011
Низкий
8.1 High
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-295
Связанные уязвимости
CVSS3: 8.1
github
больше 3 лет назад
Acceptance of invalid/self-signed TLS certificates in "Foxit PDF - PDF reader, editor, form, signature" before 5.4 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept login information (username/password), in addition to the static authentication token if the user is already logged in.
EPSS
Процентиль: 1%
0.00011
Низкий
8.1 High
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-295