2 matches found
CVE-2020-36285
Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code MAC which is generated based on a secret key which is NULL...
CVE-2020-36285
CVE-2020-36285 concerns Union Pay for iOS up to version 3.3.12. The vulnerability is described as CWE-347: Improper Verification of Cryptographic Signature, where an authentication code (MAC) is generated based on a secret key that is NULL/empty. This permits attackers to shop for free on merchan...