Описание
Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL.
Ссылки
- Permissions Required
- Third Party Advisory
- Third Party Advisory
- Permissions Required
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.3.12 (включая)
cpe:2.3:a:unionpayintl:union_pay:*:*:*:*:*:iphone_os:*:*
EPSS
Процентиль: 32%
0.00122
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-347
Связанные уязвимости
github
больше 3 лет назад
Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL.
EPSS
Процентиль: 32%
0.00122
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-347