JVN#16933564: LINE MUSIC for Android fails to verify SSL server certificates

ID JVN:16933564
Type jvn
Reporter Japan Vulnerability Notes
Modified 2018-07-26T00:00:00


## Description

LINE MUSIC for Android provided by LINE MUSIC CORPORATION fails to verify SSL server certificates (CWE-295).

## Impact

A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication.

## Solution

Update the Application
Update to the latest version according to the information provided by the developer.

The developer states that this vulnerability was addressed in the version 3.6.5.

## Products Affected

  • LINE MUSIC for Android version 3.1.0 to versions prior to 3.6.5 LINE MUSIC for iOS is not affected by this vulnerability.