JVN#25086409: ANA App fails to verify SSL server certificates

2015-10-28T00:00:00
ID JVN:25086409
Type jvn
Reporter Japan Vulnerability Notes
Modified 2015-10-28T00:00:00

Description

## Description

ANA App provided by ALL NIPPON AIRWAYS CO., LTD fails to verify SSL server certificates.

## Impact

A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication.

## Solution

Update the Software
Update to the latest version according to the information provided by the developer.

## Products Affected

  • ANA App for Android version 3.1.1 and earlier
  • ANA App for iOS version 3.3.6 and earlier