CVE-2014-5867
CVE-2014-5867 concerns the Capital One Spark Pay Android app (com.capitalone.sparkpay) version 0.9.81, where the SSL implementation does not verify X.509 certificates. The root cause is failure to validate server certificates, which enables man-in-the-middle attackers to spoof servers and potenti...