11 matches found
EUVD-2017-11286
Malware in sbrugna...
CVE-2017-2103
The LaLa Call App for Android 2.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2017-2103
The LaLa Call App for Android 2.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Information disclosure
The LaLa Call App for Android 2.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Information disclosure
The Business LaLa Call App for Android 1.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2017-2103
CVE-2017-2103 concerns the LaLa Call App for Android, where versions 2.4.7 and earlier do not verify X.509 certificates from SSL servers. This flaw enables Man-in-the-Middle attacks to potentially eavesdrop on encrypted communications by spoofing servers with crafted certificates. Affected softwa...
CVE-2017-2104
The CVE-2017-2104 entry applies to the Android app Business LaLa Call App for Android, version 1.4.7 and earlier. The root cause is that the app does not verify X.509 certificates from SSL servers, enabling man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafte...
CVE-2017-2103
The LaLa Call App for Android 2.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2017-2104
The Business LaLa Call App for Android 1.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
LaLa Call App for Android fails to verify SSL server certificates
Overview LaLa Call App for Android provided by K-Opticom Corporation fails to verify SSL server certificates. Yuto Iso of NTT Security Japan KK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...
JVN#01014759: LaLa Call App for Android fails to verify SSL server certificates
LaLa Call App for Android provided by K-Opticom Corporation fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the information provid...