88 matches found
Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities - OkHttp 3.x (CVE-2018-20200)
Summary CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. Vulnerability Details CVEID: CVE-2018-20200 DESCRIPTION: DISPUTED CertificatePinner.java in...
CVE-2020-12624
The League application before 2020-05-02 on Android sends a bearer token in an HTTP Authorization header to an arbitrary web site that hosts an external image because an OkHttp object is reused, which allows remote attackers to hijack sessions...
CVE-2020-12624
The League application before 2020-05-02 on Android sends a bearer token in an HTTP Authorization header to an arbitrary web site that hosts an external image because an OkHttp object is reused, which allows remote attackers to hijack sessions...
Authorization
The League application before 2020-05-02 on Android sends a bearer token in an HTTP Authorization header to an arbitrary web site that hosts an external image because an OkHttp object is reused, which allows remote attackers to hijack sessions...
CVE-2020-12624
The League application before 2020-05-02 on Android sends a bearer token in an HTTP Authorization header to an arbitrary web site that hosts an external image because an OkHttp object is reused, which allows remote attackers to hijack sessions...
CVE-2020-12624
CVE-2020-12624 affects The League application on Android prior to 2020-05-02. The flaw stems from reusing an OkHttp object, causing a bearer token in the HTTP Authorization header to be sent to an arbitrary external site hosting an image. This enables remote attackers to hijack sessions. Red Hat ...
OkHttp Certificate Pinning Vulnerability CVE-2016-2402
h3. Issue Summary Portfolio uses Okhttp 2.2.0 which has an identified vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2016-2402 https://www.securityfocus.com/bid/83296/info https://publicobject.com/2016/02/11/okhttp-certificate-pinning-vulnerability/ h3. Steps to Reproduce...
OkHttp Certificate Pinning Vulnerability CVE-2016-2402
h3. Issue Summary Portfolio uses Okhttp 2.2.0 which has an identified vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2016-2402 https://www.securityfocus.com/bid/83296/info https://publicobject.com/2016/02/11/okhttp-certificate-pinning-vulnerability/ h3. Steps to Reproduce...
CVE-2018-20200
CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed because some parties don't consider this is a vulnerability. Their rationale...
CVE-2018-20200
CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed because some parties don't consider this is a vulnerability. Their rationale...
CVE-2018-20200
CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed because some parties don't consider this is a vulnerability. Their rationale...
DEBIAN-CVE-2018-20200
CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed because some parties don't consider this is a vulnerability. Their rationale...
Design/Logic Flaw
DISPUTED CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed because some parties don't consider this is a vulnerability. Their...
CVE-2018-20200
CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed because some parties don't consider this is a vulnerability. Their rationale...
UBUNTU-CVE-2018-20200
DISPUTED CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed because some parties don't consider this is a vulnerability. Their...
CVE-2018-20200
Removed by vendor...
CVE-2018-20200
CVE-2018-20200 affects OkHttp 3.x up to 3.12.0: CertificatePinner.java may allow MITM bypass of certificate pinning by changing SSLContext and boolean values during hooking. The vulnerability is explicitly disputed as not a true vulnerability by some parties, per the notes in the description. Con...
CVE-2018-20200
CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed because some parties don't consider this is a vulnerability. Their rationale...
PT-2019-10014 · Square +1 · Okhttp +1
Name of the Vulnerable Software and Affected Versions: OkHttp versions 3.x through 3.12.0 Description: The issue in OkHttp allows man-in-the-middle attackers to bypass certificate pinning. This is achieved by changing SSLContext and boolean values while hooking the application. Recommendations: F...
CVE-2016-2402
OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate...