Design/Logic Flaw

2017-04-0614:59:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.9%

JSON

WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false).

CPENameOperatorVersion
starscreamle2.0.3

CPE	Name	Operator	Version
	starscream	le	2.0.3

References

seclists.org/bugtraq/2017/Apr/66

github.com/daltoniam/Starscream/commit/dbeb1190b8dcbff4f0b797f9e9d9b9b864d1f0d6

github.com/daltoniam/Starscream/releases/tag/2.0.4