4 matches found
Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities - OkHttp 3.x (CVE-2018-20200)
Summary CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. Vulnerability Details CVEID: CVE-2018-20200 DESCRIPTION: DISPUTED CertificatePinner.java in...
CVE-2018-20200
CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed because some parties don't consider this is a vulnerability. Their rationale...
DEBIAN-CVE-2018-20200
CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed because some parties don't consider this is a vulnerability. Their rationale...
CVE-2018-20200
CVE-2018-20200 affects OkHttp 3.x up to 3.12.0: CertificatePinner.java may allow MITM bypass of certificate pinning by changing SSLContext and boolean values during hooking. The vulnerability is explicitly disputed as not a true vulnerability by some parties, per the notes in the description. Con...