EUVD-2014-5789

Malware in sbrugna...

Information disclosure

The UA Cinemas - Mobile ticketing aka com.mtel.uacinemaapps application 2.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2014-5902

The CVE-2014-5902 entry concerns the UA Cinemas - Mobile ticketing (aka com.mtel.uacinemaapps) Android app version 2.9, which fails to verify X.509 certificates from SSL servers. This omission enables man-in-the-middle attackers to spoof servers and extract sensitive information via a crafted cer...