Information disclosure

2014-06-1910:50:00

PRIOn knowledge base

www.prio-n.com

6.3 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

23.7%

JSON

The East Japan Railway Company JR East Japan application before 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate.

CPENameOperatorVersion
jr_east_japanle1.0

CPE	Name	Operator	Version
	jr_east_japan	le	1.0

References

jvn.jp/en/jp/JVN10603428/index.html

jvndb.jvn.jp/jvndb/JVNDB-2014-000050

play.google.com/store/apps/details?id=jp.co.jreast