2 matches found
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6846, CVE-2014-6847. Reason: this ID was intended for one issue, but was assigned to two issues by a CNA. Notes: All CVE users should consult CVE-2014-6846 and CVE-2014-6847 to determine which ID is appropriate. All reference...
CVE-2014-6847
CVE-2014-6847 corresponds to the Android app Horoscopes and Dreams (com.horoscopesanddreams) version 1.0.1, which does not verify X.509 certificates when making SSL connections. The root cause is missing SSL certificate validation, allowing man-in-the-middle attackers to spoof servers and exfiltr...