JVN#57806517: Android App "Tootdon for Mastodon" fails to verify SSL server certificates

ID JVN:57806517
Type jvn
Reporter Japan Vulnerability Notes
Modified 2019-05-24T00:00:00


## Description

Android App "Tootdon for Mastodon" provided by Tsukurito, Inc. fails to verify SSL server certificates (CWE-295).

## Impact

A man-in-the-middle attack may allow an attacker to obtain and/or alter a content of communication.

## Solution

Update the Application
Update to the latest version according to the information provided by the developer.

## Products Affected

  • Android App "Tootdon for Mastodon" version 3.4.1 and earlier