CVE-2014-6960

The CVE-2014-6960 entry concerns the Multitrac (com.multitrac) Android app version 1.04, which does not verify X.509 certificates when connecting to SSL servers. This enables man-in-the-middle attackers to spoof legitimate servers and access sensitive information via a crafted certificate. The av...