2 matches found
Information disclosure
The Acces Compte aka com.fullsix.android.labanquepostale.accountaccess application 3.2.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-5839
The CVE-2014-5839 entry affects the Android app Acces Compte (com.fullsix.android.labanquepostale.accountaccess) version 3.2.6, which does not verify X.509 certificates from SSL servers. The root cause is improper TLS certificate validation, enabling man-in-the-middle attackers to spoof servers a...