EUVD-2014-2028

Malware in sbrugna...

Demaecan for Android SSL证书校验安全绕过漏洞

Bugtraq ID:66247 CVE ID:CVE-2014-1976 Demaecan for Android是一款基于安卓系统的应用。 Demaecan for Android不正确校验SSL服务器证书，允许可中间人攻击的攻击者伪造证书窃听敏感信息。 0 Demaecan for Android 用户可联系厂商获得相应的升级或补丁程序： https://play.google.com/store/apps/details?id=com.demaecan.androidapp&hl=ja...

CVE-2014-1976

Demaecan for Android (2.1.0 and earlier) does not verify SSL/TLS X.509 certificates, enabling MITM attackers to spy on encrypted traffic by presenting a crafted certificate. Affected component: SSL certificate verification in the Android app. Impact: potential information disclosure from intercep...

CVE-2014-1976

The Demaecan application 2.1.0 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

JVN#16263849: Demaecan for Android. contains an issue where it fails to verify SSL server certificates

Demaecan for Android. contains an issue where it fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the...