EUVD-2014-5632

Malware in sbrugna...

Design/Logic Flaw

The FREE Pageplus Activation aka com.wFREEPageplusActivations application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2014-5745

The CVE-2014-5745 entry concerns the FREE Pageplus Activation Android app (com.wFREEPageplusActivations) version 0.1, which does not verify X.509 certificates from SSL servers. This lax TLS validation can enable man-in-the-middle attackers to spoof servers and obtain sensitive information via a c...