JVN#11994518: Cybozu KUNAI App fails to verify SSL server certificates

2016-05-16T00:00:00
ID JVN:11994518
Type jvn
Reporter Japan Vulnerability Notes
Modified 2016-05-16T00:00:00

Description

## Description

Cybozu KUNAI App provided by Cybozu, Inc. fails to verify SSL server certificates.

## Impact

A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication.

## Solution

Update the Software
Update to the latest version according to the information provided by the developer.

## Products Affected

  • Cybozu KUNAI for iPhone 2.0.3 to 3.1.5
  • Cybozu KUNAI for Android 2.1.2 to 3.0.4