Search...

CVE-2014-6684

2014-09-23T06:55:08

ID CVE-2014-6684
Type cve
Reporter NVD
Modified 2014-09-28T22:01:12

Description

The MOL bringaPONT (aka hu.mol.bringapont) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

JSON Vulners Source

Initial Source

{"viewCount": 0, "lastseen": "2016-09-03T21:08:01", "cvss": {"score": 5.4, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "type": "cve", "description": "The MOL bringaPONT (aka hu.mol.bringapont) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.", "assessment": {"name": "", "system": "", "href": ""}, "reporter": "NVD", "published": "2014-09-23T06:55:08", "history": [], "title": "CVE-2014-6684", "cpe": ["cpe:/a:mol:mol_bringapont:1.1::~~~android~~"], "bulletinFamily": "NVD", "edition": 1, "scanner": [], "id": "CVE-2014-6684", "cvelist": ["CVE-2014-6684"], "hash": "a4a67a11f80ffd86787d9ca99c653dd22625eb02416eaf63ac99a66e8f8cde93", "modified": "2014-09-28T22:01:12", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6684", "objectVersion": "1.2", "references": ["https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "http://www.kb.cert.org/vuls/id/582497"], "enchantments": {"vulnersScore": 7.4}}