5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.001 Low
EPSS
Percentile
23.7%
Party Track SDK for iOS provided by Adways Inc. fails to verify server certificates in encrypted HTTPS communications.
According to the developer, in addition to communications by the SDK, communications by the application using NSURLConnection also fail to verify server certificates.
A man-in-the-middle attack may result in an attacker to eavesdrop or alter an encrypted communication.
Update SDK and rebuild the application
Update to the latest version of Party Track SDK and rebuild the application according to the information provided by Adways Inc.