CVE-2020-5523

2020-01-28T06:15:00
ID CVE-2020-5523
Type cve
Reporter vultures@jpcert.or.jp
Modified 2020-01-31T20:24:00

Description

Android App 'MyPallete' and some of the Android banking applications based on 'MyPallete' do not verify X.509 certificates from servers, and also do not properly validate certificates with host-mismatch, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.