CVE-2014-5656

The Android app TRA Auctions for Buyers (com.manheim.tra) version 2.6 does not verify X.509 SSL server certificates, enabling man-in-the-middle attacks to spoof servers and access sensitive information via crafted certificates. This affects confidentiality and integrity (partial) with a CVSS v2 b...